Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-58188

Опубликовано: 29 окт. 2025
Источник: debian
EPSS Низкий

Описание

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25fixed1.25.2-1package
golang-1.24fixed1.24.8-1package
golang-1.24no-dsatrixiepackage
golang-1.23removedpackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ

  • https://github.com/golang/go/issues/75675

  • https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2)

  • https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401 (go1.24.8)

EPSS

Процентиль: 8%
0.00031
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-58188

CVSS3: 7.5
ubuntu
27 дней назад

[crypto/x509: panic when validating certificates with DSA public keys]

nvd логотип

CVE-2025-58188

CVSS3: 7.5
nvd
7 дней назад

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

msrc логотип

CVE-2025-58188

msrc
6 дней назад

Panic when validating certificates with DSA public keys in crypto/x509

github логотип

GHSA-7wwx-xj66-r44x

CVSS3: 7.5
github
7 дней назад

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

suse-cvrf логотип

SUSE-SU-2025:3682-1

suse-cvrf
16 дней назад

Security update for go1.24

EPSS

Процентиль: 8%
0.00031
Низкий