2407251 – (CVE-2025-58185) CVE-2025-58185 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

Bug 2407251 (CVE-2025-58185) - CVE-2025-58185 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

Summary: CVE-2025-58185 encoding/asn1: Parsing DER payload can cause memory exhaustion...

Keywords:
Status:	NEW
Alias:	CVE-2025-58185
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2409854 2409855 2409856 2409857 2409858 2409859 2409860 2409861 2409862 2409863 2409864 2409865 2409866 2409867 2409868 2409869 2409870 2409871 2409872 2409873 2409874 2409875 2409876 2409877 2409878 2409879 2409880 2409881 2409883 2409884 2409885 2409886 2409887 2409888 2409889 2409890 2409891 2409892 2409893 2409894 2409895 2409896 2409897 2409898 2409899 2409900 2409901 2409902 2409903 2409904 2409905 2409906 2409907 2409908 2409909 2409910 2409911 2409912 2409913 2409914 2409915 2409916 2409917 2409918 2409919 2409920 2409921 2409922 2409923 2409924 2409925 2409926 2409927 2409928 2409929 2409930 2409931 2409932 2409933 2409934 2409935 2409936 2409937 2409938 2409939 2409940 2409941 2409942 2409943 2409944 2409945 2409947 2409948 2409950 2409951 2409952 2409953 2409955 2409956 2409957 2409958 2409959 2409960 2409961 2409962 2409963 2409964 2409965 2409966 2409967 2409968 2409969 2409970 2409971 2409972 2409973 2409974 2409975 2409976 2409977 2409978 2409979 2409980 2409981 2409982 2409983 2409984 2409985 2409986 2409987 2409988 2409989 2409990 2409991 2409993 2409994 2409995 2409996 2409997 2409998 2409999 2410000 2410001 2410002 2410003 2410004 2410005 2410006 2410007 2410008 2410009 2410010 2410011 2410012 2410013 2410014 2410015 2410016 2410017 2410018 2410019 2410020 2410021 2410022 2410023 2410024 2410025 2410026 2410027 2410028 2410029 2410030 2410031 2410032 2410033 2410034 2410035 2410036 2410037 2410038 2410039 2410040 2410041 2410042 2410043 2410044 2410045 2410046 2410047 2410048 2410049 2410050 2410051 2410052 2410053 2410054 2410055 2410056 2410057 2410058 2410059 2410060 2410061 2410062 2410063 2410064 2410065 2410066 2410067 2410068 2410069 2410070 2410071 2410072 2410073 2410074 2410075 2410076 2410077 2410078 2410079 2410080 2410081 2410082 2410083 2410084 2410085 2410086 2410087 2410088 2410089 2410090 2410091 2410092 2410093 2410094 2410095 2410096 2410097 2410098 2410099 2410100 2410101 2410102 2410103 2410104 2410105 2410106 2410107 2410108 2410109 2410110 2410111 2410112 2410113 2410114 2410115 2410116 2410117 2410118 2410119 2410120 2410121 2410122 2410123 2410124 2410125 2410126 2410127 2410128 2410129 2410130 2410131 2410132 2410133 2410134 2410135 2410136 2410137 2410138 2410139 2410140 2410141 2410142 2410143 2410144 2410145 2410146 2410147 2410148 2410149 2410150 2410151 2410152 2410153 2410154 2410155 2410156 2410157 2410158 2410159 2410160 2410161 2410162 2410163 2410164 2410165 2410166 2410167 2410168 2410169 2410170 2410171 2410172 2410173 2410174 2410175 2410176 2410177 2410178 2410179 2410180 2410181 2410182 2410183 2410184 2410185 2410186 2410187 2410188 2410189 2410190 2410191 2410192 2410193 2410194 2410195 2410196 2410197 2410198 2410199 2410200 2410201 2410202 2410203 2410204 2410205 2410206 2410207 2410208 2410209 2410210 2410211 2410212 2410213 2410215 2410216 2410217 2410218 2410219 2410220 2410221 2410222 2410223 2410224 2410225 2410226 2410227 2410228 2410229 2410230 2410231 2410232 2410233 2410234 2410235 2410236 2410237 2410238 2410239 2410240 2410241 2410242 2410243 2410244 2410245 2410247 2410248 2410250 2410251 2410252 2410253 2410254 2410255 2410256 2410257 2410258 2410259 2410260 2410261 2410262 2410263 2410264 2410265 2410267 2410268 2410269 2410270 2410271 2410272 2410273 2410274 2410275 2410276 2410277 2410279 2410280 2410281 2410282 2410283 2410284 2410285 2410286 2410287 2410288 2410289 2410290 2410291 2410292 2410293 2410294 2410295 2410296 2410297 2410298 2410299 2410300 2410301 2410302 2410303 2410304 2410305 2410306 2410307 2410308 2410309 2410310 2410311 2410312 2410313 2410314 2410315 2410316 2410317 2410318 2410319 2410320 2410321 2410322 2410323 2410324 2410325 2410326 2410327 2410328 2410329 2410330 2410331 2410332 2410333 2410334 2410335 2410336 2410337 2410338 2410339 2410340 2410341 2410342 2410343 2410344 2410345 2410346 2410347 2410348 2410349 2410350 2410351 2410352 2410353 2410354 2410355 2410356 2410357 2410358 2410359 2410360 2410361 2410362 2410363 2410364 2410365 2410366 2410367 2410368 2410369 2410370 2410371 2410372 2410373 2410374 2410375 2410376 2410377 2410378 2410379 2410380 2410381 2410382 2410383 2410384 2410385 2410386 2410387 2410388 2410389 2410390 2410391 2410392 2410393 2410394 2410395 2410396 2410397 2410398 2410399 2410400 2410401 2410402 2410403 2410404 2410405 2410406 2410407 2410408 2410409 2410410 2410411 2410412 2410413 2410414 2410415 2410416 2410417 2410418 2410419 2410420 2410421 2410422 2410423 2410424 2410425 2410426 2410427 2410428 2410429 2410430 2410431 2410432 2410433 2410434 2410435 2410436 2410437 2410438 2410439 2410440 2410441 2410442 2410443 2410444 2410445 2410446 2410447 2410448 2410449 2410450 2410451 2410452 2410453 2410454 2410455 2410456 2410457 2410458 2410459 2410460 2410461 2410462 2410463 2410464 2410465 2410466 2410467 2410468 2410470 2410471 2410472 2410473 2410474 2410475 2410476 2410477 2410478 2410479 2410481 2410482 2410483 2410484 2410485 2410486 2410487 2410488 2410489 2410491 2410492 2410493 2410494 2410495 2410496 2410497 2410498 2410499 2410501 2410502 2410503 2410504 2410505 2410506 2410507 2410508 2410509 2410510 2410511 2410512 2410513 2410514 2410515 2410516 2410517 2410518 2410519 2410520 2410521 2410522 2410523 2410524 2410526 2410527 2410528 2410530 2410531 2410532 2410533 2410534 2410535 2410536 2410537 2410538 2410539 2410540 2410541 2410542 2410543 2410544 2410545 2410546 2410548 2410549 2410550 2410551 2410552 2410553 2410554 2410555 2410556 2410558 2410559 2410560 2410561 2410562 2410563 2410564 2410565 2410566 2410567 2410568 2410569 2410570 2410571 2410572 2410573 2410574 2410575 2410576 2410577 2410578 2410579 2410580 2410581 2410582 2410583 2410584 2410585 2410586 2410587 2410588 2410589 2410590 2410591 2410592 2410593 2410594 2410595 2410596 2410597 2410598 2410601 2410602 2410603 2410604 2410605 2410606 2410607 2410608 2410609 2410610 2410611 2410612 2410613 2410614 2410615 2410616 2410617 2410618 2410619 2410620 2410621 2410622 2410623 2410624 2410625 2410626 2410627 2410628 2410629 2410630 2410631 2410632 2410633 2410634 2410635 2410636 2410637 2410638 2410639 2410640 2410641 2410642 2410643 2410644 2410645 2410646 2410647 2410648 2410649 2410650 2410651 2410652 2410653 2410654 2410655 2410656 2410657 2410658 2410659 2410660 2410661 2410662 2410663 2410664 2410665 2410666 2410667 2410668 2410669 2410670 2410671 2410672 2410673 2410674 2410675 2410676 2410677 2410678 2410679 2410680 2410681 2410682 2410683 2410684 2410685 2410686 2410687 2410688 2410689 2410690 2410691 2410692 2410693 2410694 2410695 2410696 2410697 2410698 2410699 2410700 2410701 2410702 2410703 2410704 2410705 2410706 2410707 2410708 2410709 2410710 2410711 2410712 2410713 2410714 2410715 2410716 2410717 2410718 2410719 2410720 2410721 2410722 2410723 2410724 2410725 2410726 2410727 2410728 2410729 2410730 2410732 2410733 2410734 2410735 2410736 2410737 2410738 2410739 2410740 2410741 2410742 2410743 2410744 2410745 2410746 2410747 2410748 2410750 2410751 2410752 2410753 2410754 2410755 2410756 2410757 2410758 2410759 2410760 2410761 2410762 2410763 2410764 2410765 2410766 2410767 2410768 2410769 2410771 2410772 2410773 2410774 2410775 2410776 2410777 2410778 2410779 2410780 2410782 2410783 2410784 2410785 2410786 2410788 2410789 2410790 2410791 2410792 2410793 2410794 2410795 2410796 2410797 2409992 2410214 2410246 2410249 2410266 2410278 2410469 2410490 2410500 2410525 2410529 2410547 2410557 2410599 2410600 2410731 2410749 2410770 2410781 2410787
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-29 23:01 UTC by OSIDB Bzimport
Modified:	2025-11-05 11:55 UTC (History)
CC List:	151 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-29 23:01:49 UTC

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

Comment 1 Debarshi Ray 2025-11-05 11:55:28 UTC

This is fixed in Go versions 1.25.2:
https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca

... and 1.24.8:
https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1

Note You need to log in before you can comment on or make changes to this bug.

abarbaro
abrianik
adistefa
akostadi
akoudelk
alcohan
amasferr
amctagga
anjoseph
anpicker
ansmith
anthomas
aoconnor
asatyam
bdettelb
bniver
bparees
brainfor
chfoley
ckandaga
cmah
crizzo
debarshir
dhanak
diagrawa
dmayorov
doconnor
drosa
dsimansk
dymurray
ebaron
eglynn
ehelms
fdeutsch
flucifre
ggainey
ggrzybek
gmeno
gparvin
haoli
hasun
hkataria
ibolton
jaharrin
jajackso
jbalunas
jburrell
jcammara
jcantril
jchui
jeder
jfula
jhe
jjoyce
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jowilson
jprabhak
jschluet
jscholz
juwatts
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lball
lbragsta
lchilton
ldai
lgamliel
lhh
lphiri
lsharar
lsvaty
lucarval
mabashia
manissin
matzew
mbenjamin
mbocek
mburns
mgarciac
mhackett
mhulan
mnovotny
mrunge
mwringe
nboldt
ngough
nmoumoul
nyancey
ometelka
oramraz
osousa
owatkins
pahickey
pantinor
parichar
pbraun
pcreech
peholase
pgaikwad
pgrist
pjindal
psrna
ptisnovs
pvasanth
rchan
rfreiman
rhaigner
rjohnson
rojacob
sabiswas
sakbas
sausingh
sdawley
sfeifer
shvarugh
simaishi
slucidi
smallamp
smcdonal
smullick
sostapov
sseago
stcannon
stirabos
swoodman
syedriko
tasato
teagle
tfister
thason
thavo
tmalecek
tsedmik
vereddy
veshanka
vimartin
wenshen
whayutin
wtam
xdharmai
xiyuan
yguenane