CVE-2025-22865

Published: 28 Jan 2025
Source: redhat
CVSS3: 7.5

Description

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.

A flaw was found in the crypto/x509 golang library. Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values causes a panic when verifying that the key is well formed.

Report

This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai-tech-preview/assisted-installer-rhel8 | Not affected | | |
| Cryostat 3 | cryostat-tech-preview/cryostat-storage-rhel8 | Not affected | | |
| Deployment Validation Operator | deployment-validation-operator-container | Not affected | | |
| Fence Agents Remediation Operator | fence-agents-remediation-operator-container | Not affected | | |
| Kube Descheduler Operator | kube-descheduler-operator/descheduler-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel9 | Not affected | | |
| Logical Volume Manager Storage | lvms4/topolvm-rhel9 | Not affected | | |
| Machine Deletion Remediation Operator | machine-deletion-remediation-operator-container | Not affected | | |
| Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-registry-rhel8 | Not affected | | |

Additional information

Status: Important
Defect: CWE-228
https://bugzilla.redhat.com/show_bug.cgi?id=2342464
crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
11 months ago

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.

CVSS3: 7.5
nvd
11 months ago

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.

CVSS3: 7.5
debian
11 months ago

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT ...

CVSS3: 7.5
github
11 months ago

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.

CVSS3: 7.5
fstec
12 months ago

A vulnerability in the ParsePKCS1PrivateKey function of the crypto/x509 library of the Go programming language that allows an attacker to gain unauthorized access to protected information
