72 matches found

RedHat Linux
added 2026/05/20 4:45 p.m. | 8 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for...

7.5 CVSS | 7.3 AI score | 0.00022 EPSS
Exploits: 0 | References: 8
OSV
added 2026/04/13 5:43 a.m. | 3 views

BIT-GOLANG-2026-32280 Unexpected work during chain building in crypto/x509

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls...

7.5 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits: 0 | References: 5
OSV
added 2025/12/09 11:51 p.m. | 0 views

SUSE-SU-2025:4337-1 Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.11 released 2025-12-02 includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. bsc1236217 CVE-2025-61727 CVE-2025-61729: go76460 go76445 bsc1254431 security: fix CVE-2025-61729 crypto/x509: excessive...

7.5 CVSS | 6.9 AI score | 0.00019 EPSS
Exploits: 2 | References: 7
CVE
added 2025/06/11 4:42 p.m. | 207 views

CVE-2025-22874

CVE-2025-22874 is confirmed in multiple advisories (ALAS/AL2/ECS) tied to Go crypto/X509 verification where Verify with VerifyOptions.KeyUsages containing ExtKeyUsageAny disables policy validation for some certificate chains with policy graphs. Concrete affected packages include amazon-ssm-agent ...

7.5 CVSS | 7.1 AI score | 0.00076 EPSS
Exploits: 0 | References: 4
Cvelist
added 2025/01/28 1:3 a.m. | 14 views

CVE-2025-22865 ParsePKCS1PrivateKey panic with partial keys in crypto/x509

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

0.00074 EPSS
Exploits: 0 | References: 4
Mageia
added 2025/01/23 5:38 p.m. | 17 views

Updated golang packages fix security vulnerabilities

net/http: sensitive headers incorrectly sent after cross-domain redirect, CVE-2024-45336. crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, CVE-2024-45341...

6.1 CVSS | 7.3 AI score | 0.00142 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/11/15 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-7111-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS | 10 AI score | 0.69905 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2024/09/25 12:0 a.m. | 23 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2024:6969)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6969 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public...

7.5 CVSS | 7.2 AI score | 0.02017 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2024/09/24 3:30 a.m. | 24 views

Moderate: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 6.8 AI score | 0.02017 EPSS
Exploits: 0 | References: 6
AlmaLinux
added 2024/09/24 12:0 a.m. | 43 views

Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public key algorith...

7.5 CVSS | 6.9 AI score | 0.02017 EPSS
Exploits: 0 | References: 12
RedHat Linux
added 2024/09/03 6:57 p.m. | 17 views

Moderate: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

5.9 CVSS | 6.8 AI score | 0.00602 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2024/09/03 9:11 a.m. | 9 views

Moderate: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.9 CVSS | 6.8 AI score | 0.00602 EPSS
Exploits: 0 | References: 2
OSV
added 2024/09/03 12:0 a.m. | 11 views

ALSA-2024:6195 Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 For more details about the...

5.9 CVSS | 7.3 AI score | 0.00602 EPSS
Exploits: 0 | References: 4
AlmaLinux
added 2024/09/03 12:0 a.m. | 18 views

Moderate: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: golang:...

5.9 CVSS | 6.9 AI score | 0.00602 EPSS
Exploits: 0 | References: 4
AlmaLinux
added 2024/09/03 12:0 a.m. | 20 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 For more details about the...

5.9 CVSS | 6.9 AI score | 0.00602 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/09/03 12:0 a.m. | 10 views

RHEL 9 : buildah (RHSA-2024:6189)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6189 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working...

5.9 CVSS | 7.4 AI score | 0.00602 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2024/09/03 12:0 a.m. | 13 views

RHEL 9 : gvisor-tap-vsock (RHSA-2024:6187)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6187 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for...

5.9 CVSS | 7.5 AI score | 0.00602 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2024/09/03 12:0 a.m. | 21 views

RHEL 9 : podman (RHSA-2024:6194)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6194 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

7.5 CVSS | 7.7 AI score | 0.00602 EPSS
Exploits: 0 | References: 9
OSV
added 2024/09/03 12:0 a.m. | 12 views

ALSA-2024:6188 Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 For more details about the security issues, including th...

5.9 CVSS | 7.2 AI score | 0.00602 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/08/21 12:0 a.m. | 28 views

Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:5258)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5258 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

8.3 CVSS | 7.2 AI score | 0.02017 EPSS
Exploits: 0 | References: 17