GCVE - cpe:2.3:a:go_standard_library:net/mail:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:go_standard_library:net/mail:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Go Standard Library (`50bc78d3-15d0-59a4-bc22-a964570e0614`)
Product	Net/Mail (`c8fda7c8-5e7a-57aa-b4da-7ca0a8a1f073`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-42499`	vulnerable	2026-06-03 15:25:01.203638	Quadratic string concatenation in consumePhrase in net/mail Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. Published: 2026-05-07T19:41:18.615Z Updated: 2026-05-08T21:29:59.662Z Open on db.gcve.eu Reference links https://go.dev/issue/78987 https://go.dev/cl/771520 https://groups.google.com/g/golang-announce/c/qcCIEXso47M https://pkg.go.dev/vuln/GO-2026-4977	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-39820`	vulnerable	2026-06-03 15:22:13.138902	Quadratic string concatentation in consumeComment in net/mail Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. Published: 2026-05-07T19:41:19.854Z Updated: 2026-05-08T14:27:54.923Z Open on db.gcve.eu Reference links https://go.dev/issue/78566 https://go.dev/cl/759940 https://groups.google.com/g/golang-announce/c/qcCIEXso47M https://pkg.go.dev/vuln/GO-2026-4986	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61725`	vulnerable	2026-06-03 15:07:57.043534	Excessive CPU consumption in ParseAddress in net/mail The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. Published: 2025-10-29T22:10:12.255Z Updated: 2025-12-09T17:42:06.541Z Open on db.gcve.eu Reference links https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4006	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-24784`	vulnerable	2026-06-03 14:55:05.763438	Comments in display names are incorrectly handled in net/mail The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. Published: 2024-03-05T22:22:32.186Z Updated: 2025-02-13T17:40:24.430Z Open on db.gcve.eu Reference links https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2609 https://security.netapp.com/advisory/ntap-20240329-0007/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.