CVE-2025-61723

Опубликовано: 29 окт. 2025

Источник: debian

EPSS Низкий

Описание

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-1.25	fixed	1.25.2-1		package
golang-1.24	fixed	1.24.8-1		package
golang-1.24	no-dsa		trixie	package
golang-1.23	removed			package
golang-1.19	removed			package
golang-1.19	no-dsa		bookworm	package
golang-1.15	removed			package
golang-1.15	postponed		bullseye	package

Примечания

https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
https://github.com/golang/go/issues/75676
https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b (go1.25.2)
https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2 (go1.24.8)

EPSS

Процентиль: 22%

0.0007

Низкий

Связанные уязвимости

CVE-2025-61723

CVSS3: 7.5

ubuntu

27 дней назад

[encoding/pem: quadratic complexity when parsing some invalid inputs]

CVE-2025-61723

CVSS3: 7.5

nvd

7 дней назад

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

CVE-2025-61723

msrc

6 дней назад

Quadratic complexity when parsing some invalid inputs in encoding/pem

GHSA-hjx7-fpxx-mj48

CVSS3: 6.5

github

7 дней назад

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

SUSE-SU-2025:3682-1

suse-cvrf

16 дней назад

Security update for go1.24

EPSS

Процентиль: 22%

0.0007

Низкий