Skip to main content

Go crypto/x509 CVE-2026-27145

| EUVDEUVD-2026-34038 MEDIUM
Unchecked Input for Loop Condition (CWE-606)
2026-06-02 Go GHSA-4279-q6mj-392r
6.5
CVSS 3.1 · Vendor: Go
Share

Severity by source

Vendor (Go) PRIMARY
6.5 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
SUSE
MEDIUM
qualitative

Primary rating from Vendor (Go).

CVSS VectorVendor: Go

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 04, 2026 - 14:23 vuln.today
CVSS changed
Jun 04, 2026 - 14:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 02, 2026 - 22:01 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

AnalysisAI

Quadratic-complexity denial-of-service in Go's crypto/x509 package allows a network-positioned attacker presenting a certificate with a large DNS Subject Alternative Name list to exhaust CPU on the verifying party. The root cause is that VerifyHostname called strings.Split(host, ".") inside a loop over every DNS SAN entry rather than computing it once, scaling work as O(SANs × hostname_labels). Critically, x509.Verify performs hostname validation before chain building, meaning even untrusted, self-signed certificates trigger the expensive computation - no valid CA-issued certificate is required. No public exploit is identified at time of analysis, and EPSS is 0.00%, consistent with a newly-disclosed algorithmic complexity issue without weaponized tooling.

Technical ContextAI

The affected component is the crypto/x509 package in the Go standard library (CPE: cpe:2.3:a:go_standard_library:crypto/x509:*:*:*:*:*:*:*:*). The VerifyHostname method iterates over all DNS SAN entries in a certificate and, for each entry, calls matchHostnames which internally invokes strings.Split(host, ".") to decompose the hostname into labels. Because this split was performed inside the loop rather than being hoisted out and cached before iteration, the work grows proportionally to both the number of SAN entries and the number of dot-separated labels in the hostname - producing quadratic worst-case complexity. CWE is listed as N/A in the source data, but the vulnerability class maps to CWE-407 (Inefficient Algorithmic Complexity). The design flaw was identified via Go issue tracker reference https://go.dev/issue/79694 and fixed in changelist https://go.dev/cl/783621, which hoists the split computation outside the loop.

RemediationAI

Upgrade to Go 1.25.11 or Go 1.26.4 - these are the vendor-released patched versions per EUVD-2026-34038 and the Go vulnerability database entry GO-2026-5037 (https://pkg.go.dev/vuln/GO-2026-5037). The upstream fix (https://go.dev/cl/783621) hoists the strings.Split call outside the SAN loop, reducing complexity from quadratic to linear. If an immediate upgrade is not feasible, compensating controls include: restricting inbound TLS connections to trusted certificate authorities only using tls.Config.ClientCAs and tls.Config.ClientAuth = tls.RequireAndVerifyClientCert (trades off blocking anonymous client cert abuse but does not help where the attacker controls a server), deploying rate limiting and connection throttling at the load balancer or proxy layer to constrain the rate at which TLS handshakes can be initiated from a single source (reduces DoS impact but does not eliminate it), and using a TLS termination proxy that performs certificate processing before forwarding to the Go application (isolates the vulnerable code path at the cost of added infrastructure complexity). These workarounds carry operational trade-offs and are not substitutes for patching.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected

Share

CVE-2026-27145 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy