CVE-2025-22868

Опубликовано: 26 фев. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Ссылки

https://go.dev/cl/652155
Patch
https://go.dev/issue/71490
Issue Tracking
Patch
https://pkg.go.dev/vuln/GO-2025-3488
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:go:jws:*:*:*:*:*:go:*:*

Версия до 0.27.0 (исключая)

EPSS

Процентиль: 30%

0.00112

Низкий

7.5 High

CVSS3

Дефекты

CWE-1286

Связанные уязвимости

CVE-2025-22868

CVSS3: 7.5

ubuntu

около 1 года назад

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

CVE-2025-22868

CVSS3: 7.5

redhat

около 1 года назад

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

CVE-2025-22868

CVSS3: 7.5

msrc

около 1 года назад

Unexpected memory consumption during token parsing in golang.org/x/oauth2

CVE-2025-22868

CVSS3: 7.5

debian

около 1 года назад

An attacker can pass a malicious malformed token which causes unexpect ...

openSUSE-SU-2025:0091-1

suse-cvrf

около 1 года назад

Security update for restic

EPSS

Процентиль: 30%

0.00112

Низкий

7.5 High

CVSS3

Дефекты

CWE-1286