CVE-2025-61723

Опубликовано: 29 окт. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

Ссылки

https://go.dev/cl/709858
Patch
https://go.dev/issue/75676
Issue Tracking
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
Mailing List
Release Notes
https://pkg.go.dev/vuln/GO-2025-4009
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/08/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.24.8 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.25.0 (включая) до 1.25.2 (исключая)

EPSS

Процентиль: 8%

0.00027

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-61723

CVSS3: 7.5

ubuntu

5 месяцев назад

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

CVE-2025-61723

CVSS3: 5.3

redhat

5 месяцев назад

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

CVE-2025-61723

msrc

5 месяцев назад

Quadratic complexity when parsing some invalid inputs in encoding/pem

CVE-2025-61723

CVSS3: 7.5

debian

5 месяцев назад

The processing time for parsing some invalid inputs scales non-linearl ...

GHSA-hjx7-fpxx-mj48

CVSS3: 6.5

github

5 месяцев назад

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

EPSS

Процентиль: 8%

0.00027

Низкий

7.5 High

CVSS3

Дефекты

CWE-770