ALT-PU-2026-1175-4

Package mimir updated to version 3.0.2-alt1 for branch c10f2 in task 404903.

Уязвимость функции HostnameError.Error() пакета crypto/x509 языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2025-61729

Уязвимость языка программирования Go, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2025-61727

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs

Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

References:

Version: 2.1.2

Package mimir update in c10f2 on 2026-01-12

ALT-PU-2026-1175-4

Closed vulnerabilities

BDU:2025-16242

BDU:2026-00268

CVE-2025-61727

CVE-2025-61729

GHSA-mjcp-gpgx-ggcg