Vulnerability Report: GO-2025-4011
- CVE-2025-58185, CVE-2025-58185
- Affects: encoding/asn1
- Published: Oct 29, 2025
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Affected Packages
-
PathVersionsSymbols
-
before go1.24.8, from go1.25.0 before go1.25.2
Aliases
References
- https://go.dev/issue/75671
- https://go.dev/cl/709856
- https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
- https://vuln.go.dev/ID/GO-2025-4011.json
Credits
- Jakub Ciolek
Feedback
See anything missing or incorrect?
Suggest an edit to this report.