Bug 2342464 (CVE-2025-22865)

Summary: CVE-2025-22865 crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aazores, abrianik, akostadi, alcohan, amasferr, amctagga, anjoseph, aoconnor, bdettelb, bniver, brking, cbartlet, chazlett, cmah, crizzo, danken, dhanak, dmayorov, doconnor, drosa, dsimansk, dymurray, eaguilar, ebaron, eglynn, fdeutsch, flucifre, ggrzybek, gkamathe, gmeno, gparvin, haoli, hkataria, ibolton, jaharrin, jajackso, jburrell, jcammara, jcantril, jeder, jforrest, jjoyce, jkoehler, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jolong, jprabhak, jschluet, jwendell, kegrant, kingland, koliveir, kshier, kverlaen, lchilton, lgamliel, lhh, lphiri, lsvaty, mabashia, manissin, matzew, mbenjamin, mbocek, mburns, mgarciac, mhackett, mmakovy, mnovotny, mrunge, njean, nobody, oramraz, owatkins, pahickey, parichar, pbraun, pgaikwad, pgrist, pierdipi, pjindal, rcernich, rfreiman, rguimara, rhaigner, rhuss, rjohnson, rojacob, sakbas, sausingh, sdawley, sfeifer, sfroberg, shvarugh, simaishi, slucidi, smcdonal, smullick, sostapov, sseago, stcannon, stirabos, tasato, teagle, tfister, thason, thavo, tjochec, vereddy, vimartin, whayutin, wtam, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2342736, 2342737, 2342738, 2342741, 2342742, 2342743, 2342744, 2342745, 2350501    
Bug Blocks:    

Description OSIDB Bzimport 2025-01-28 02:01:18 UTC 
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Comment 10 errata-xmlrpc 2025-07-24 15:22:20 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 8.1

Via RHSA-2025:11749 https://access.redhat.com/errata/RHSA-2025:11749
Comment 11 errata-xmlrpc 2025-07-28 10:56:11 UTC 
This issue has been addressed in the following products:

  Red Hat Ceph Storage 7.1

Via RHSA-2025:11889 https://access.redhat.com/errata/RHSA-2025:11889