cve 2025 68156
About this tag
CVE-2025-68156 is a denial-of-service vulnerability in the Expr Go package, an expression language and runtime for Go applications. The vulnerability allows attackers to cause a process-level denial of service by exploiting unbounded recursion in several widely used functions within Expr's evaluator. This can exhaust the Go runtime stack when processing user-supplied data. The recommended mitigation is to upgrade the Expr library or implement a MaxDepth guard to limit recursion depth. This tag covers discussions about the CVE, its impact on Go applications, and patching strategies to prevent DoS attacks.
Expr’s evaluator can be crashed by ordinary builtin calls: a newly assigned CVE shows several widely used functions in the Expr Go package performed unbounded recursion over user-supplied data and could exhaust the Go runtime stack, allowing attackers to cause a process-level denial of service...