Lucene search

8 matches found

Redos
added 2026/02/09 12:0 a.m. | 6 views

ROS-20260209-73-0027

A vulnerability in the encoding/asn1 component of the Go programming language is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3 | AI score 5.6 | EPSS 0.00492
Exploits: 0

OSV
added 2025/12/12 7:45 a.m. | 2 views

SUSE-SU-2025:21193-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

CVSS 7.5 | AI score 7.1 | EPSS 0.00586
Exploits: 2 | References: 30

Snyk
added 2025/10/29 9:50 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: std/encoding/asn1 is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causin...

CVSS 6.9 | AI score 6.7 | EPSS 0.00492
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/28 12:0 a.m. | 5 views

Amazon Linux 2 : golang, --advisory ALAS2-2025-3042 (ALAS-2025-3042)

The version of golang installed on the remote host is prior to 1.24.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3042 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses...

CVSS 7.5 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 22

OSV
added 2025/10/20 1:12 p.m. | 1 views

SUSE-SU-2025:3682-1 Security update for go1.24

This update for go1.24 fixes the following issues: go1.24.9 released 2025-10-13 includes fixes to the crypto/x509 package. bsc1236217 crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00586
Exploits: 0 | References: 22

Tenable Nessus
added 2025/10/14 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2025:03547-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03547-1 advisory. go1.25.2 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x50...

CVSS 7.5 | AI score 7.2 | EPSS 0.00586
Exploits: 0 | References: 32

SUSE Linux
added 2025/10/11 1:22 a.m. | 3 views

Security update for go1.25

This update for go1.25 fixes the following issues: go1.25.2 released 2025-10-07 includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the...

CVSS 9.4 | AI score 6.7 | EPSS 0.00586
Exploits: 0 | References: 42

Positive Technologies
added 2025/01/01 12:0 a.m. | 6 views

PT-2025-42738

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.9-alt1; OpenTofu versions =2.10.0. Description: The issue is a memory exhaustion flaw in the encoding/asn1 package of the Go programming language. The code pre-allocates memory based on fields within a DER structure befo...

CVSS 9.8 | AI score 7.3 | EPSS 0.00492
Exploits: 0