Bug 2407252 (CVE-2025-61723)

Summary: CVE-2025-61723 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Text:
A potential denial-of-service flaw has been discovered in the Go encoding/pem package. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with the size of the input. This affects programs that parse untrusted PEM inputs and may leave a program unresponsive if an attacker exploits it.

Description OSIDB Bzimport 2025-10-29 23:01:53 UTC
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.