recursion dos
About this tag
The recursion dos tag covers denial-of-service vulnerabilities caused by unbounded recursion in software, particularly in the Expr Go package. A recent thread discusses CVE-2025-68156, where builtin functions in Expr's evaluator could be exploited to exhaust the Go runtime stack, leading to process-level crashes. The content highlights the importance of patching and implementing MaxDepth guards to mitigate such recursion-based DoS attacks. This tag is relevant for developers and IT professionals managing Go applications or expression evaluators, focusing on security updates and defensive coding practices against stack exhaustion.
Expr’s evaluator can be crashed by ordinary builtin calls: a newly assigned CVE shows several widely used functions in the Expr Go package performed unbounded recursion over user-supplied data and could exhaust the Go runtime stack, allowing attackers to cause a process-level denial of service...