exploitDog
CVE-2025-58185

Published: 29 Oct 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

A memory exhaustion flaw has been discovered in the Go encoding/asn1 package. Within parseSequenceOf, reflect.MakeSlice is used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The slice that is allocated is also many times larger than the input DER, because each slice element occupies the in-memory size of the target Go type rather than the few bytes of its encoding. As a result, a malicious actor can craft a large DER payload made of empty elements, resulting in an unnecessarily large memory allocation. This can be a way to cause memory exhaustion.
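To make the amplification concrete, the following Go program is an added example, not code from the page or from the Go project. It builds a constructed sample DER SEQUENCE OF NULL (two bytes per element), decodes it with the standard library into a []asn1.RawValue, and computes how much memory a result slice pre-sized to the element count costs relative to the input, which is the pre-allocation the description above refers to (the function models that cost from the element type's size; it does not measure the runtime's actual allocation, and it does not tell you whether the installed toolchain is affected). It also shows the caller-side guard a practitioner can apply regardless of toolchain version: refuse untrusted DER above a size limit before it reaches asn1.Unmarshal. The limit values and the helper names are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/asn1"
	"errors"
	"fmt"
	"reflect"
)

// derLength encodes a DER length: short form below 128, otherwise the
// long form 0x8N followed by N big-endian bytes (minimal encoding).
func derLength(n int) []byte {
	if n < 0x80 {
		return []byte{byte(n)}
	}
	var digits []byte
	for v := n; v > 0; v >>= 8 {
		digits = append([]byte{byte(v)}, digits...)
	}
	return append([]byte{0x80 | byte(len(digits))}, digits...)
}

// buildSequenceOfNulls constructs a valid DER SEQUENCE OF containing n
// NULL values. NULL encodes as tag 0x05 followed by length 0x00, so each
// element costs the sender only two bytes. This is constructed sample input.
func buildSequenceOfNulls(n int) []byte {
	body := bytes.Repeat([]byte{0x05, 0x00}, n)
	out := []byte{0x30} // SEQUENCE, constructed
	out = append(out, derLength(len(body))...)
	return append(out, body...)
}

// countElements decodes the payload with the standard library into a
// []asn1.RawValue and returns how many elements the decoder produced.
func countElements(der []byte) (int, error) {
	var elems []asn1.RawValue
	rest, err := asn1.Unmarshal(der, &elems)
	if err != nil {
		return 0, err
	}
	if len(rest) != 0 {
		return 0, errors.New("trailing bytes after SEQUENCE")
	}
	return len(elems), nil
}

// amplification returns how many bytes a slice of numElems values of
// elemType occupies per byte of DER input. A decoder that pre-sizes its
// result slice to numElems pays elemType.Size() per element, while the
// encoding paid two bytes per NULL.
func amplification(elemType reflect.Type, derLen, numElems int) float64 {
	return float64(elemType.Size()*uintptr(numElems)) / float64(derLen)
}

// unmarshalBounded is the caller-side guard: reject untrusted DER larger
// than maxLen before asn1.Unmarshal sees it, so decoder allocations are
// bounded by maxLen times the element size whatever the peer sends.
// maxLen is an application choice (hypothetical value in main below).
func unmarshalBounded(der []byte, maxLen int, v any) error {
	if len(der) > maxLen {
		return fmt.Errorf("DER payload of %d bytes exceeds limit of %d bytes", len(der), maxLen)
	}
	rest, err := asn1.Unmarshal(der, v)
	if err != nil {
		return err
	}
	if len(rest) != 0 {
		return errors.New("trailing bytes after DER value")
	}
	return nil
}

func main() {
	const n = 100000
	der := buildSequenceOfNulls(n)
	got, err := countElements(der)
	if err != nil {
		panic(err)
	}
	ratio := amplification(reflect.TypeOf(asn1.RawValue{}), len(der), got)
	fmt.Printf("input: %d bytes, elements: %d, pre-sized []asn1.RawValue costs %.1fx the input\n",
		len(der), got, ratio)

	var elems []asn1.RawValue
	fmt.Println("bounded decode, 64 KiB limit:", unmarshalBounded(der, 64<<10, &elems))
	fmt.Println("bounded decode, 1 MiB limit: ", unmarshalBounded(der, 1<<20, &elems))
}
```

The size limit is the control that belongs in application code: decoders for certificates, CMS blobs, LDAP messages and similar formats should never be handed an unbounded byte slice from the network, and a limit sized to the largest legitimate message keeps any per-element pre-allocation proportional to that limit rather than to attacker input.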

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform | Package | State
Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Under investigation
Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Under investigation
cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Under investigation
Compliance Operator | compliance/openshift-compliance-operator-bundle | Under investigation
Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Under investigation
Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Under investigation
Cryostat 4 | cryostat/cryostat-storage-rhel9 | Under investigation
Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9 | Under investigation
Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Under investigation
ExternalDNS Operator | edo/external-dns-rhel8 | Under investigation

The Advisory and Release columns were blank for every row shown.

Additional information

Severity rating: Moderate
Weakness: CWE-770 (Allocation of Resources Without Limits or Throttling)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2407251 (encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1)

EPSS
Percentile: 6%
Score: 0.00023
Low

CVSS3: 5.3 (Medium)

CVSS3

Related vulnerabilities

ubuntu, 5 months ago, CVSS3: 5.3
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

nvd, 5 months ago, CVSS3: 5.3
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

msrc, 5 months ago
Parsing DER payload can cause memory exhaustion in encoding/asn1

debian, 5 months ago, CVSS3: 5.3
Parsing a maliciously crafted DER payload could allocate large amounts ...

github, 5 months ago, CVSS3: 5.3
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
