EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1209)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse...

OESA-2025-2781 golang security update

. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...

OESA-2025-2748 golang security update

. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...

CVE-2025-63729

CVE-2025-63729 affects Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517. The vulnerability allows extraction of SSL private key, CA certificate, SSL certificate, and client certificates stored in PEM format in the firmware’s etc folder. Root cause details are not explicitly provided beyond the...

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

Quadratic complexity when parsing some invalid inputs in encoding/pem

...

EUVD-2025-36736

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

UBUNTU-CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

CVE-2025-61723

CVE-2025-61723 describes a PEM parsing performance issue where processing time for some invalid inputs scales non-linearly with input size. The connected advisory for F5 products confirms this PEM parsing quadratic complexity and notes impact on disk encryption and telemetry exporter configuratio...

SUSE CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

Cert-manager: potential dos when parsing specially crafted pem inputs

...

OESA-2024-2313 openresty-openssl111 security update

Security Fixes: The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the releva...

gnutls: potential crash during chain building/verification

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...

Uncontrolled Recursion

Overview std/encoding/pem is a Go standard library package std/encoding/pem Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Stack overflow via a large amount of PEM data via the Decode function. An attacker can cause a stack overflow and...

OESA-2022-1661 golang security update

The Go Programming Language. Security Fixes: Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.CVE-2021-44717 encoding/pem in...

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

...

CVE-2017-17138

PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10...

RHEL 5 : curl (RHSA-2010:0273)

Updated curl packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...