CVE-2025-58185
Published 2025-10-29
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Priority P429 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.53% (40.6th percentile)
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.25 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| github.com | opentofu_opentofu | >= 0 < 1.10.7 | 1.10.7 |
| go_standard_library | encoding_asn1 | < 1.24.8 | 1.24.8 |
| go_standard_library | encoding_asn1 | >= 1.25.0 < 1.25.2 | 1.25.2 |
| golang | go | < 1.24.8 | 1.24.8 |
| golang | go | >= 1.25.0 < 1.25.2 | 1.25.2 |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.23.12-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.5-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.6-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gcc_11.2.0-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.18.8-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.11-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.12-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.9-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
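CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| ghsa | — | 4.3 | MEDIUM | — |
| osv | — | 5.3 | MEDIUM | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |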
GHSA
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
ghsa·2025-11-06·CVSS 4.3
[MEDIUM] CWE-1395 OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
### Impact
Unauthenticated denial of service.
### Summary
When installing module packages from attacker-controlled sources, `tofu init` may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives.
Those who depend on modules or providers served from untrusted third-party servers may experience denial of service due to `tofu init` failing to complete successfully. In the case of unbounded memory usage or high CPU usage, other processes running on the same computer as OpenTofu may also fail or have their performance degraded due to the depletion of shared system resources.
These vulnerabilities **do not** permit
OSV
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
osv·2025-11-06·CVSS 4.3
[MEDIUM] OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
GHSA
GHSA-jwmf-chvc-rf92: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion
ghsa_unreviewed·2025-10-30
CVE-2025-58185 [MEDIUM] CWE-770 GHSA-jwmf-chvc-rf92: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
OSV
Parsing DER payload can cause memory exhaustion in encoding/asn1
osv·2025-10-29
CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
OSV
CVE-2025-58185: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion
osv·2025-10-29·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Red Hat
encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1
vendor_redhat·2025-10-29·CVSS 5.3
CVE-2025-58185 [MEDIUM] CWE-770 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
A memory exhaustion flaw has been discovered in the golang `encoding/asn1` module. Within `parseSequenceOf`, `reflect.MakeSlice` is used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the allocated slice is also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessarily large memory allocation. This can be a way to cause memory exhaustion.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product
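A defensive check for Go services that parse DER, added here as an example (not code from Go, Red Hat, or any project listed on this page): it compares the toolchain version against the fixed releases in the Affected table (1.24.8 and 1.25.2) and caps input size before `asn1.Unmarshal`. The 64 KiB cap, the function names and the sample bytes are assumptions; the cap only bounds the pre-allocation described above and does not replace upgrading.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"runtime"
	"strconv"
	"strings"
)

// maxDERBytes is an assumed per-message limit chosen for this example;
// size it to the largest DER object the service legitimately accepts.
const maxDERBytes = 64 << 10

var errTooLarge = errors.New("DER input exceeds configured size limit")

// sampleDER is a constructed SEQUENCE OF INTEGER {1, 2, 3}.
var sampleDER = []byte{0x30, 0x09, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x01, 0x03}

// parseGoVersion turns strings such as "go1.24.7" or "go1.25.2 X:exp"
// into {major, minor, patch}. Development and pre-release builds
// ("devel ...", "go1.25rc1") are reported as not parseable.
func parseGoVersion(v string) ([3]int, bool) {
	var out [3]int
	v = strings.TrimPrefix(v, "go")
	if i := strings.IndexAny(v, " -+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return out, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, false
		}
		out[i] = n
	}
	return out, true
}

// less reports whether version a sorts before version b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// toolchainAffected applies the ranges from the Affected table:
// "< 1.24.8" and ">= 1.25.0 < 1.25.2". encoding/asn1 ships with the
// standard library, so the version that built the binary is what matters.
func toolchainAffected(version string) (bool, error) {
	v, ok := parseGoVersion(version)
	if !ok {
		return false, fmt.Errorf("unrecognised Go version %q, check manually", version)
	}
	inOldBranch := less(v, [3]int{1, 24, 8})
	in125Branch := !less(v, [3]int{1, 25, 0}) && less(v, [3]int{1, 25, 2})
	return inOldBranch || in125Branch, nil
}

// unmarshalBounded rejects oversized input before the parser can size any
// slice from it, then requires the DER value to consume the whole buffer.
func unmarshalBounded(der []byte, out any) error {
	if len(der) > maxDERBytes {
		return errTooLarge
	}
	rest, err := asn1.Unmarshal(der, out)
	if err != nil {
		return err
	}
	if len(rest) != 0 {
		return errors.New("trailing data after DER value")
	}
	return nil
}

func main() {
	affected, err := toolchainAffected(runtime.Version())
	fmt.Printf("toolchain=%s affected=%v err=%v\n", runtime.Version(), affected, err)

	var ints []int
	err = unmarshalBounded(sampleDER, &ints)
	fmt.Printf("decoded=%v err=%v\n", ints, err)
}
```

Running `toolchainAffected(runtime.Version())` at start-up or in CI flags binaries that still need a rebuild with a fixed toolchain.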
Microsoft
Parsing DER payload can cause memory exhaustion in encoding/asn1
vendor_msrc·2025-10-14·CVSS 7.5
CVE-2025-58185 [MEDIUM] Parsing DER payload can cause memory exhaustion in encoding/asn1
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Debian
CVE-2025-58185: golang-1.15 - Parsing a maliciously crafted DER payload could allocate large amounts of memory...
vendor_debian·2025·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185: golang-1.15 - Parsing a maliciously crafted DER payload could allocate large amounts of memory...
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
bugzilla·2026-06-12·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
+++ This bug was initially created as a clone of Bug #2409921 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2026-06-12·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
+++ This bug was initially created as a clone of Bug #2409921 +++
Bugzilla
CVE-2025-58185 golang-github-edoardottt-lit-bb-hack-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-edoardottt-lit-bb-hack-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58185 matterbridge: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 matterbridge: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 golang-github-cloudflare-redoctober: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-cloudflare-redoctober: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-uber-athenadriver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-uber-athenadriver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-google-pprof: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-google-pprof: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-geertjohan-rice: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-geertjohan-rice: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-oras: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-oras: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 gopls: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gopls: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 etcd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 etcd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 gvisor-tap-vsock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gvisor-tap-vsock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
gvisor-tap-vsock does not use the asn1 module directly, but could be using it through one of its vendored dependencies. A rebuild will be needed for the other CVEs, which will fix
Bugzilla
CVE-2025-58185 golang-github-tdewolff-minify: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-tdewolff-minify: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-k8s-kube-aggregator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-k8s-kube-aggregator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 podman: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 podman: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-spyzhov-ajson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-spyzhov-ajson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 yggdrasil: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 yggdrasil: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 transifex-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 transifex-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-eclipse-paho-mqtt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-eclipse-paho-mqtt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 kubernetes1.30: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 kubernetes1.30: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 golang-github-haproxytech-client-native: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-haproxytech-client-native: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Bugzilla
CVE-2025-58185 reg: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58185 vhs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
FEDORA-2026-795b0d0367 (vhs-0.9.0-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-795b0d0367
Bugzilla
CVE-2025-58185 golang-github-nicksnyder-i18n-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-task: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 podman: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
Bugzilla
CVE-2025-58185 apache-cloudstack-cloudmonkey: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 golang-github-redteampentesting-monsoon: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58185 golang-github-rakyll-statik: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-envoyproxy-protoc-gen-validate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-58185 tailscale: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
Bugzilla
CVE-2025-58185 reposurgeon: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 suseconnect-ng: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58185 golang-k8s-apiextensions-apiserver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 golang-sr-emersion-gqlclient: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-gogo-protobuf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 butane: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-github-kyokomi-emoji: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-k8s-sample-controller: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-distribution-3: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-x-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58185 golang-gvisor: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 aerc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 golang-github-opencontainers-runtime-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-58185 asnmap: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-x-vuln: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 deepin-pw-check: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58185 git-lfs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58185 golang-github-schollz-croc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is F
Bugzilla
CVE-2025-58185 golang-x-mod: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 syncthing: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 gitjacker: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gitjacker: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 opentofu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 opentofu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-prometheus-prom2json: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-prometheus-prom2json: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 cri-o: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-o: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58185 hut: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 hut: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58185 golang-github-letsencrypt-pebble: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-letsencrypt-pebble: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 kubernetes1.29: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 kubernetes1.29: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58185 golang-entgo-ent: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-entgo-ent: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-58185 cri-o1.29: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-o1.29: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 smtprelay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 smtprelay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 deepin-api: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 deepin-api: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-58185 trayscale: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 trayscale: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Bugzilla
CVE-2025-58185 golang-github-projectdiscovery-chaos-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-projectdiscovery-chaos-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-58185 ceph: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 ceph: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 golang-github-facebookincubator-go2chef: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-facebookincubator-go2chef: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58185 go-fdo-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 go-fdo-client: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 kappanhang: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 kappanhang: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-58185 mlpack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 mlpack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 htmltest: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 htmltest: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-markbates-pkger: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-markbates-pkger: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 golang-k8s-kube-openapi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-k8s-kube-openapi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58185 buildah: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 buildah: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
FEDORA-2025-3ccd4113df (buildah-1.42.0-3.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3ccd4113df
---
FEDORA-2025-3ccd4113df h
Bugzilla
CVE-2025-58185 golang-x-debug: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-debug: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58185 golang-github-mholt-archiver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-mholt-archiver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 cri-tools1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-tools1.34: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 chisel: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 chisel: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-4deb1b7241 (glow-2.1.2-1.el10_3) has been submitted as an update to
Bugzilla
CVE-2025-58185 golang-github-zmap-zcertificate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-zmap-zcertificate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-instrumenta-kubeval: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-instrumenta-kubeval: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 golang-k8s-sample-apiserver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-k8s-sample-apiserver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-vmware-govmomi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-vmware-govmomi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-hashicorp-msgpack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-hashicorp-msgpack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-nats-io-jwt-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-nats-io-jwt-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 miller: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 miller: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-mvdan-xurls: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-mvdan-xurls: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 golang-github-grpc-ecosystem-gateway-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-grpc-ecosystem-gateway-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58185 dnsx: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 dnsx: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 geoipupdate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 geoipupdate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58185 golang-github-google-martian: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-google-martian: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 clash-meta: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 clash-meta: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-58185 golang-uber-mock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-uber-mock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-58185 golang-github-schollz-cli-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-schollz-cli-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-temoto-robotstxt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-temoto-robotstxt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-francoispqt-gojay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-francoispqt-gojay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-rogpeppe-internal: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-rogpeppe-internal: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 deepin-daemon: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 deepin-daemon: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 qt5-qtwebengine: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 qt5-qtwebengine: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58185 golang-x-exp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-exp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 ignition: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 ignition: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-pdfcpu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-pdfcpu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58185 stargz-snapshotter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 stargz-snapshotter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
FEDORA-2026-9d0e7df23a (glow-2.1.2-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9d0e7df23a
Bugzilla
CVE-2025-58185 yq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 yq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58185 vultr: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 vultr: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Discussion:
FEDORA-2026-6d67b00ef1 (glow-2.1.2-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6d67b00ef1
Bugzilla
CVE-2025-58185 image-builder: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 image-builder: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-rootless-containers-rootlesskit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-rootless-containers-rootlesskit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on
Bugzilla
CVE-2025-58185 shellz: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 shellz: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-github-googleapis-gnostic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-googleapis-gnostic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 grpc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 grpc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 vhs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 vhs: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Discussion:
FEDORA-2026-7646f2a691 (vhs-0.10.0-4.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7646f2a691
Bugzilla
CVE-2025-58185 golang-google-appengine: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-google-appengine: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58185 grafana-pcp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 grafana-pcp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 git-credential-oauth: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 git-credential-oauth: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58185 kata-containers: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 kata-containers: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58185 cri-o1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-o1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-moby-buildkit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-moby-buildkit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-mailru-easyjson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-mailru-easyjson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 golang-mongodb-mongo-driver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-mongodb-mongo-driver: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 lw-cli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 lw-cli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 nng: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 nng: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58185 golang-k8s-code-generator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-k8s-code-generator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-58185 exercism: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 exercism: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-pelletier-toml: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-pelletier-toml: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-aws-lambda: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-aws-lambda: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 golang-ariga-atlas: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-ariga-atlas: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 golang-github-pact-foundation: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-pact-foundation: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 cri-tools1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-tools1.32: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-google-dap: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-google-dap: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 golang-github-erkexzcx-valetudopng: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-erkexzcx-valetudopng: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 golang-github-gocolly-colly-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-gocolly-colly-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 anubis: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 anubis: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 OliveTin: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 OliveTin: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-apache-beam-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-apache-beam-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 cri-tools1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-tools1.31: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-jsonnet-bundler: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-jsonnet-bundler: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 golang-github-grpc-ecosystem-gateway: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-grpc-ecosystem-gateway: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-58185 ollama: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 ollama: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 gmailctl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gmailctl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-pgaskin-koboutils: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-pgaskin-koboutils: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 forgejo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 forgejo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58185 golang-github-hashicorp-hc-install: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-hashicorp-hc-install: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 golang-github-cloudflare: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-cloudflare: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 gobuster: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gobuster: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-oklog-ulid: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-oklog-ulid: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58185 oh-my-posh: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 oh-my-posh: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-58185 yubihsm-connector: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 yubihsm-connector: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58185 golang-x-text: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-text: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-nats-io-streaming-server: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-nats-io-streaming-server: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-8]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-8]
Bugzilla
CVE-2025-58185 cri-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-tenox7-wrp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-tenox7-wrp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 golang-github-gobwas-ws: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-gobwas-ws: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58185 cheat: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cheat: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58185 hut: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 hut: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Discussion:
FEDORA-2026-ed208f5337 (hut-0.8.0-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ed208f5337
---
FEDORA-2026-32113d4817 (hut-0.8.0
Bugzilla
CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-58185 golang-x-exp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-exp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Discussion:
Doesn't affect the package.
Bugzilla
CVE-2025-58185 golang-github-theoapp-theo-agent: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-theoapp-theo-agent: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 golang-github-emersion-smtp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-emersion-smtp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-aliyun-cli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-aliyun-cli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 golang-github-containerd-fuse-overlayfs-snapshotter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-containerd-fuse-overlayfs-snapshotter: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux
Bugzilla
CVE-2025-58185 golang-github-awslabs-aws-multi-module-repository-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-awslabs-aws-multi-module-repository-tools: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Li
Bugzilla
CVE-2025-58185 golang-github-deepmap-oapi-codegen: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-deepmap-oapi-codegen: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 gron: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gron: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 golang-github-bobesa-domain-util: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-bobesa-domain-util: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 osbuild-composer: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 osbuild-composer: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-58185 thrift: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 thrift: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-github-path-network-mmproxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-path-network-mmproxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-9]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-9]
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58185 golang-x-perf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-perf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-facebookincubator-contest: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-facebookincubator-contest: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58185 golang-github-facebook-time: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-facebook-time: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 cri-tools1.30: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cri-tools1.30: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-hashicorp-serf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-hashicorp-serf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 golang-github-valyala-fasthttp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-valyala-fasthttp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 trivy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 trivy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-868e266938 (trivy-0.69.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-868e266938
---
FEDORA-2026-868e266938 has b
Bugzilla
CVE-2025-58185 nebula: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 nebula: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 tinygo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 tinygo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 manifest-tool: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 manifest-tool: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 golang-github-git-5: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-git-5: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 startdde: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 startdde: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-cockroachdb-pebble: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-cockroachdb-pebble: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 git-credential-azure: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 git-credential-azure: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-58185 cadvisor: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 cadvisor: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 gphotosdl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 gphotosdl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-facebookincubator-dhcplb: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-facebookincubator-dhcplb: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58185 golang-k8s-pod-security-admission: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-k8s-pod-security-admission: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-58185 netdata: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 netdata: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58185 golang-github-haproxytech-dataplaneapi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-haproxytech-dataplaneapi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-58185 toxcore: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 toxcore: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58185 dnscrypt-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 dnscrypt-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58185 golang-x-mobile: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-x-mobile: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58185 golang-github-chromedp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-chromedp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58185 nats-server: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 nats-server: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-58185 direnv: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 direnv: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to cl
Bugzilla
CVE-2025-58185 golang-github-mock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-github-mock: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-58185 golang-sigs-k8s-aws-iam-authenticator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
CVE-2025-58185 [MEDIUM] CVE-2025-58185 golang-sigs-k8s-aws-iam-authenticator: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-58185 trustee-guest-components: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-58185 golang-github-theupdateframework-notary: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-58185 golang-github-acme-lego: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58185 snapd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-9]
bugzilla·2025-10-31·CVSS 5.3
Bugzilla
CVE-2025-58185 cri-o1.30: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 cri-tools1.29: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58185 kitty: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58185 golang-github-niklasfasching-org: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 whisper-cpp: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58185 golang-github-cucumber-godog: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 docker-distribution: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-58185 golang-github-liamg-scout: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-58185 golang-github-rubenv-sql-migrate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-58185 golang-github-intel-goresctrl: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 golang-github-cpu-goacmedns: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58185 libarrow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 golang-github-moby-swarmkit-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-58185 grafana: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58185 httpdump: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-58185 docker-distribution: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-58185 golang-github-hexdigest-gowrap: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 golang-github-colinmarc-hdfs-2: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-58185 helm: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
bugzilla·2025-10-31·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-58185 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1
bugzilla·2025-10-29·CVSS 5.3
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Discussion:
This is fixed in Go versions 1.25.2:
https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca
... and 1.24.8:
https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1
Wiz
CVE-2026-25793 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-25793: Nebula vulnerability analysis and mitigation
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3.
Source: NVD
Score 7.6
Published February 6, 2026
Severity HIGH
CNA Score 7.6
Affected Technologies Nebula, Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
2025-10-29
Published