Main Vulnerability Database SB2025121249

SB2025121249 - openEuler 22.03 LTS SP4 update for golang

Published: December 12, 2025

Security Bulletin ID SB2025121249

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2025-47912)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists in net/url due to the Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. A remote attacker can abuse such behavior to perform spoofing attacks.

2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-58186)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in net/http due to the application does not limit the number of cookies sent in the request. A remote attacker can send a lot of very small cookies such as "a=;" and cause large memory consumption.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2826

SB2025121249 - openEuler 22.03 LTS SP4 update for golang

Breakdown by Severity

Description

Remediation

References

Please verify you're human