Описание
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.25 | fixed | 1.25.2-1 | package | |
| golang-1.24 | fixed | 1.24.8-1 | package | |
| golang-1.24 | no-dsa | trixie | package | |
| golang-1.23 | removed | package | ||
| golang-1.19 | removed | package | ||
| golang-1.19 | no-dsa | bookworm | package | |
| golang-1.15 | removed | package | ||
| golang-1.15 | postponed | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
https://github.com/golang/go/issues/75676
https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b (go1.25.2)
https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2 (go1.24.8)
Связанные уязвимости
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Уязвимость языка программирования Go, связанная с недостаточной проверкой входных данных, позволяющая нарушителю оказать воздействие на доступность защищаемой информации