Bug 2348366 (CVE-2025-22868) - CVE-2025-22868 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
Keywords:
Status: NEW
Alias: CVE-2025-22868
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2348753 2348754 2348755 2348757 2348773 2348774 2348775 2348776 2348784 2348785 2348786 2348787 2348788 2348789 2348790 2348791 2348792 2348819 2348820 2348821 2348822 2348823 2348824 2348825 2348826 2348827 2348828 2348829 2348830 2348831 2348834 2348835 2348837 2348838 2348839 2350677 2348756 2348793 2348794 2348795 2348796 2348797 2348798 2348799 2348800 2348801 2348802 2348803 2348807 2348809 2348811 2348812 2348813 2348814 2348815 2348816 2348817 2348818 2348832 2348833 2348836 2348840
Blocks:
Reported: 2025-02-26 04:01 UTC by OSIDB Bzimport
Modified: 2025-05-20 17:18 UTC
CC List: 112 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2025:3051 | 0 | None | None | None | 2025-03-20 04:38:13 UTC
Red Hat Product Errata | RHSA-2025:3053 | 0 | None | None | None | 2025-03-20 04:56:05 UTC
Red Hat Product Errata | RHSA-2025:3172 | 0 | None | None | None | 2025-03-25 19:59:19 UTC
Red Hat Product Errata | RHSA-2025:3335 | 0 | None | None | None | 2025-03-27 14:57:06 UTC
Red Hat Product Errata | RHSA-2025:3498 | 0 | None | None | None | 2025-04-01 21:01:26 UTC
Red Hat Product Errata | RHSA-2025:3503 | 0 | None | None | None | 2025-04-02 04:03:44 UTC
Red Hat Product Errata | RHSA-2025:3593 | 0 | None | None | None | 2025-04-03 13:35:15 UTC
Red Hat Product Errata | RHSA-2025:3720 | 0 | None | None | None | 2025-04-08 23:27:29 UTC
Red Hat Product Errata | RHSA-2025:3790 | 0 | None | None | None | 2025-04-17 04:04:11 UTC
Red Hat Product Errata | RHSA-2025:3863 | 0 | None | None | None | 2025-04-14 18:00:58 UTC
Red Hat Product Errata | RHSA-2025:3932 | 0 | None | None | None | 2025-04-15 21:50:37 UTC
Red Hat Product Errata | RHSA-2025:3959 | 0 | None | None | None | 2025-04-16 18:10:29 UTC
Red Hat Product Errata | RHSA-2025:3987 | 0 | None | None | None | 2025-04-17 17:19:59 UTC
Red Hat Product Errata | RHSA-2025:4002 | 0 | None | None | None | 2025-04-17 22:09:56 UTC
Red Hat Product Errata | RHSA-2025:4250 | 0 | None | None | None | 2025-04-28 16:11:08 UTC
Red Hat Product Errata | RHSA-2025:4473 | 0 | None | None | None | 2025-05-05 23:34:37 UTC
Red Hat Product Errata | RHSA-2025:4511 | 0 | None | None | None | 2025-05-06 07:15:41 UTC
Red Hat Product Errata | RHSA-2025:4605 | 0 | None | None | None | 2025-05-07 01:12:11 UTC
Red Hat Product Errata | RHSA-2025:4810 | 0 | None | None | None | 2025-05-12 15:06:41 UTC
Red Hat Product Errata | RHSA-2025:7407 | 0 | None | None | None | 2025-05-13 11:53:18 UTC
Red Hat Product Errata | RHSA-2025:7479 | 0 | None | None | None | 2025-05-13 15:57:45 UTC
Red Hat Product Errata | RHSA-2025:7616 | 0 | None | None | None | 2025-05-14 14:49:39 UTC
Red Hat Product Errata | RHSA-2025:7863 | 0 | None | None | None | 2025-05-20 17:18:27 UTC

Description OSIDB Bzimport 2025-02-26 04:01:06 UTC
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Comment 6 errata-xmlrpc 2025-03-20 04:38:08 UTC
This issue has been addressed in the following products:

  gatekeeper 3.17 for RHEL 9

Via RHSA-2025:3051 https://access.redhat.com/errata/RHSA-2025:3051

Comment 7 errata-xmlrpc 2025-03-20 04:55:58 UTC
This issue has been addressed in the following products:

  gatekeeper 3.15 for RHEL 9

Via RHSA-2025:3053 https://access.redhat.com/errata/RHSA-2025:3053

Comment 8 errata-xmlrpc 2025-03-25 19:59:12 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:3172 https://access.redhat.com/errata/RHSA-2025:3172

Comment 9 errata-xmlrpc 2025-03-27 14:57:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:3335 https://access.redhat.com/errata/RHSA-2025:3335

Comment 10 errata-xmlrpc 2025-04-01 21:01:21 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.2 for RHEL 9

Via RHSA-2025:3498 https://access.redhat.com/errata/RHSA-2025:3498

Comment 11 errata-xmlrpc 2025-04-02 04:03:38 UTC
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2025:3503 https://access.redhat.com/errata/RHSA-2025:3503

Comment 12 errata-xmlrpc 2025-04-03 13:35:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3593 https://access.redhat.com/errata/RHSA-2025:3593

Comment 14 errata-xmlrpc 2025-04-08 23:27:22 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.8 for RHEL 9
  multicluster engine for Kubernetes 2.8 for RHEL 8

Via RHSA-2025:3720 https://access.redhat.com/errata/RHSA-2025:3720

Comment 15 errata-xmlrpc 2025-04-14 18:00:51 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.3 for RHEL 9

Via RHSA-2025:3863 https://access.redhat.com/errata/RHSA-2025:3863

Comment 16 errata-xmlrpc 2025-04-15 21:50:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:3932 https://access.redhat.com/errata/RHSA-2025:3932

Comment 17 errata-xmlrpc 2025-04-16 18:10:21 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:3959 https://access.redhat.com/errata/RHSA-2025:3959

Comment 18 errata-xmlrpc 2025-04-17 04:04:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:3790 https://access.redhat.com/errata/RHSA-2025:3790

Comment 19 errata-xmlrpc 2025-04-17 17:19:52 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.7 for RHEL 9
  multicluster engine for Kubernetes 2.7 for RHEL 8

Via RHSA-2025:3987 https://access.redhat.com/errata/RHSA-2025:3987

Comment 20 errata-xmlrpc 2025-04-17 22:09:50 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:4002 https://access.redhat.com/errata/RHSA-2025:4002

Comment 22 errata-xmlrpc 2025-04-28 16:11:00 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:4250 https://access.redhat.com/errata/RHSA-2025:4250

Comment 24 errata-xmlrpc 2025-05-05 23:34:29 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.5 for RHEL 9
  multicluster engine for Kubernetes 2.5 for RHEL 8

Via RHSA-2025:4473 https://access.redhat.com/errata/RHSA-2025:4473

Comment 25 errata-xmlrpc 2025-05-06 07:15:32 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:4511 https://access.redhat.com/errata/RHSA-2025:4511

Comment 27 errata-xmlrpc 2025-05-07 01:12:02 UTC
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.6 for RHEL 8
  multicluster engine for Kubernetes 2.6 for RHEL 9

Via RHSA-2025:4605 https://access.redhat.com/errata/RHSA-2025:4605

Comment 28 errata-xmlrpc 2025-05-12 15:06:31 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9

Via RHSA-2025:4810 https://access.redhat.com/errata/RHSA-2025:4810

Comment 29 errata-xmlrpc 2025-05-13 11:53:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7407 https://access.redhat.com/errata/RHSA-2025:7407

Comment 30 errata-xmlrpc 2025-05-13 15:57:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7479 https://access.redhat.com/errata/RHSA-2025:7479

Comment 31 errata-xmlrpc 2025-05-14 14:49:31 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:7616 https://access.redhat.com/errata/RHSA-2025:7616

Comment 33 errata-xmlrpc 2025-05-20 17:18:18 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:7863 https://access.redhat.com/errata/RHSA-2025:7863

