Vulnerability Report: GO-2025-3421
standard library
- CVE-2025-22865
- Affects: crypto/x509
- Published: Jan 28, 2025
- Modified: Jan 30, 2025
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Affected Packages
- Go Versions: from go1.24.0-0 before go1.24.0-rc.2
Aliases
References
- https://go.dev/cl/643098
- https://go.dev/issue/71216
- https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ
- https://vuln.go.dev/ID/GO-2025-3421.json
Credits
- Philippe Antoine (Catena cyber)