Launch Week Day 1: Announcing Security Design Review
Start for Free
UNKNOWN Go

Quadratic string concatenation in consumePhrase in net/mail

GO-2026-4977 · BIT-golang-2026-42499 · CVE-2026-42499

Published · Modified

Description

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes