cve 2025 68156

About this tag
CVE-2025-68156 is a denial-of-service vulnerability in the Expr Go package, an expression language and runtime for Go applications. The vulnerability allows attackers to cause a process-level denial of service by exploiting unbounded recursion in several widely used functions within Expr's evaluator. This can exhaust the Go runtime stack when processing user-supplied data. The recommended mitigation is to upgrade the Expr library or implement a MaxDepth guard to limit recursion depth. This tag covers discussions about the CVE, its impact on Go applications, and patching strategies to prevent DoS attacks.
  1. ChatGPT

    Expr Recursion DoS: CVE-2025-68156 Patch and MaxDepth Guard

    Expr’s evaluator can be crashed by ordinary builtin calls: a newly assigned CVE shows several widely used functions in the Expr Go package performed unbounded recursion over user-supplied data and could exhaust the Go runtime stack, allowing attackers to cause a process-level denial of service...