Bug 2418462 (CVE-2025-61729) - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
Keywords:
Status: NEW
Alias: CVE-2025-61729
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2424641 2424642 2424643 2424644 2424645 2424646 2424648 2424649 2424626 2424627 2424628 2424629 2424630 2424631 2424632 2424633 2424634 2424635 2424636 2424637 2424638 2424639 2424640 2424647
Blocks:
Reported: 2025-12-02 20:02 UTC by OSIDB Bzimport
Modified: 2026-02-18 13:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:0921 0 None None None 2026-01-21 09:47:09 UTC
Red Hat Product Errata RHSA-2026:0922 0 None None None 2026-01-21 09:31:05 UTC
Red Hat Product Errata RHSA-2026:0923 0 None None None 2026-01-21 12:06:21 UTC
Red Hat Product Errata RHSA-2026:1249 0 None None None 2026-01-26 19:36:21 UTC
Red Hat Product Errata RHSA-2026:1344 0 None None None 2026-01-27 11:31:33 UTC
Red Hat Product Errata RHSA-2026:1497 0 None None None 2026-01-28 15:23:37 UTC
Red Hat Product Errata RHSA-2026:1506 0 None None None 2026-01-28 17:23:09 UTC
Red Hat Product Errata RHSA-2026:1518 0 None None None 2026-01-28 23:19:46 UTC
Red Hat Product Errata RHSA-2026:1715 0 None None None 2026-02-02 13:06:28 UTC
Red Hat Product Errata RHSA-2026:1813 0 None None None 2026-02-03 14:51:39 UTC
Red Hat Product Errata RHSA-2026:1814 0 None None None 2026-02-03 12:25:51 UTC
Red Hat Product Errata RHSA-2026:1845 0 None None None 2026-02-03 16:03:27 UTC
Red Hat Product Errata RHSA-2026:1907 0 None None None 2026-02-04 11:44:00 UTC
Red Hat Product Errata RHSA-2026:1908 0 None None None 2026-02-04 16:05:44 UTC
Red Hat Product Errata RHSA-2026:2124 0 None None None 2026-02-05 14:49:07 UTC
Red Hat Product Errata RHSA-2026:2217 0 None None None 2026-02-09 01:23:55 UTC
Red Hat Product Errata RHSA-2026:2218 0 None None None 2026-02-09 01:49:56 UTC
Red Hat Product Errata RHSA-2026:2219 0 None None None 2026-02-09 01:40:21 UTC
Red Hat Product Errata RHSA-2026:2223 0 None None None 2026-02-09 01:32:41 UTC
Red Hat Product Errata RHSA-2026:2265 0 None None None 2026-02-09 05:52:38 UTC
Red Hat Product Errata RHSA-2026:2320 0 None None None 2026-02-09 11:05:31 UTC
Red Hat Product Errata RHSA-2026:2323 0 None None None 2026-02-09 11:44:35 UTC
Red Hat Product Errata RHSA-2026:2334 0 None None None 2026-02-09 12:41:46 UTC
Red Hat Product Errata RHSA-2026:2441 0 None None None 2026-02-10 13:40:19 UTC
Red Hat Product Errata RHSA-2026:2769 0 None None None 2026-02-17 00:51:33 UTC
Red Hat Product Errata RHSA-2026:2914 0 None None None 2026-02-18 11:26:34 UTC
Red Hat Product Errata RHSA-2026:2920 0 None None None 2026-02-18 12:49:47 UTC

Description OSIDB Bzimport 2025-12-02 20:02:17 UTC
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
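
The pattern this description names, next to a bounded, linear-time alternative, as an added Go example (not code from crypto/x509 or from its fix). The function names, the cap of 100 and the sample host names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const maxListedNames = 100 // assumed cap for this example

// describeNamesQuadratic mirrors the pattern in the description: each +=
// copies the whole string built so far (O(n^2) overall) and n is unlimited.
func describeNamesQuadratic(names []string) string {
	valid := ""
	for _, n := range names {
		if len(valid) > 0 {
			valid += ", "
		}
		valid += n
	}
	return valid
}

// describeNamesBounded lists at most limit (>= 0) names using a
// strings.Builder (amortized linear time) and reports the rest as a count.
func describeNamesBounded(names []string, limit int) string {
	shown := names
	if len(shown) > limit {
		shown = shown[:limit]
	}
	var b strings.Builder
	for i, n := range shown {
		if i > 0 {
			b.WriteString(", ")
		}
		b.WriteString(n)
	}
	if omitted := len(names) - len(shown); omitted > 0 {
		fmt.Fprintf(&b, " (and %d more)", omitted)
	}
	return b.String()
}

func main() {
	names := make([]string, 5000) // constructed sample standing in for a certificate's names
	for i := range names {
		names[i] = fmt.Sprintf("host-%d.example.test", i)
	}
	fmt.Println(len(describeNamesQuadratic(names)), len(describeNamesBounded(names, maxListedNames)))
}
```

The same bound applies to any code that formats or logs attacker-supplied name lists from a certificate, not only to error strings.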

Comment 5 errata-xmlrpc 2026-01-21 09:30:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0922 https://access.redhat.com/errata/RHSA-2026:0922

Comment 6 errata-xmlrpc 2026-01-21 09:47:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0921 https://access.redhat.com/errata/RHSA-2026:0921

Comment 7 errata-xmlrpc 2026-01-21 12:06:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0923 https://access.redhat.com/errata/RHSA-2026:0923

Comment 9 errata-xmlrpc 2026-01-26 19:36:09 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 9
  Red Hat Ansible Automation Platform 2.6 for RHEL 10

Via RHSA-2026:1249 https://access.redhat.com/errata/RHSA-2026:1249

Comment 10 errata-xmlrpc 2026-01-27 11:31:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1344 https://access.redhat.com/errata/RHSA-2026:1344

Comment 11 errata-xmlrpc 2026-01-28 15:23:25 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2026:1497 https://access.redhat.com/errata/RHSA-2026:1497

Comment 12 errata-xmlrpc 2026-01-28 17:22:57 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2026:1506 https://access.redhat.com/errata/RHSA-2026:1506

Comment 13 errata-xmlrpc 2026-01-28 23:19:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1518 https://access.redhat.com/errata/RHSA-2026:1518

Comment 14 errata-xmlrpc 2026-02-02 13:06:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1715 https://access.redhat.com/errata/RHSA-2026:1715

Comment 15 errata-xmlrpc 2026-02-03 12:25:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:1814 https://access.redhat.com/errata/RHSA-2026:1814

Comment 16 errata-xmlrpc 2026-02-03 14:51:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:1813 https://access.redhat.com/errata/RHSA-2026:1813

Comment 17 errata-xmlrpc 2026-02-03 16:03:14 UTC
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:1845 https://access.redhat.com/errata/RHSA-2026:1845

Comment 18 errata-xmlrpc 2026-02-04 11:43:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1907 https://access.redhat.com/errata/RHSA-2026:1907

Comment 19 errata-xmlrpc 2026-02-04 16:05:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1908 https://access.redhat.com/errata/RHSA-2026:1908

Comment 21 errata-xmlrpc 2026-02-05 14:48:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2124 https://access.redhat.com/errata/RHSA-2026:2124

Comment 22 errata-xmlrpc 2026-02-09 01:23:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:2217 https://access.redhat.com/errata/RHSA-2026:2217

Comment 23 errata-xmlrpc 2026-02-09 01:32:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:2223 https://access.redhat.com/errata/RHSA-2026:2223

Comment 24 errata-xmlrpc 2026-02-09 01:40:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:2219 https://access.redhat.com/errata/RHSA-2026:2219

Comment 25 errata-xmlrpc 2026-02-09 01:49:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:2218 https://access.redhat.com/errata/RHSA-2026:2218

Comment 26 errata-xmlrpc 2026-02-09 05:52:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:2265 https://access.redhat.com/errata/RHSA-2026:2265

Comment 27 errata-xmlrpc 2026-02-09 11:05:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:2320 https://access.redhat.com/errata/RHSA-2026:2320

Comment 28 errata-xmlrpc 2026-02-09 11:44:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2323 https://access.redhat.com/errata/RHSA-2026:2323

Comment 29 errata-xmlrpc 2026-02-09 12:41:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:2334 https://access.redhat.com/errata/RHSA-2026:2334

Comment 30 errata-xmlrpc 2026-02-10 13:40:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:2441 https://access.redhat.com/errata/RHSA-2026:2441

Comment 31 errata-xmlrpc 2026-02-17 00:51:20 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 7.1

Via RHSA-2026:2769 https://access.redhat.com/errata/RHSA-2026:2769

Comment 32 errata-xmlrpc 2026-02-18 11:26:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:2914 https://access.redhat.com/errata/RHSA-2026:2914

Comment 33 errata-xmlrpc 2026-02-18 12:49:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2920 https://access.redhat.com/errata/RHSA-2026:2920

