CVE-2025-58185Allocation of Resources Without Limits or Throttling in Standard Library Encoding Asn1

CWE-770Allocation of Resources Without Limits or Throttling11 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 91.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GO Standard Library Encoding Asn1Golang GO
Timeline
PublishedOct 29
Latest updateOct 31

Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDgolang/go1.25.01.25.2+1
CVEListV5go_standard_library/encoding_asn11.25.01.25.2+1

Patches

Patch: go.dev

🔴Vulnerability Details

4
GHSA
GHSA-jwmf-chvc-rf92: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion2025-10-30
OSV
Parsing DER payload can cause memory exhaustion in encoding/asn12025-10-29
OSV
CVE-2025-58185: Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion2025-10-29
CVEList
Parsing DER payload can cause memory exhaustion in encoding/asn12025-10-29

📋Vendor Advisories

3
Red Hat
encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn12025-10-29
Microsoft
Parsing DER payload can cause memory exhaustion in encoding/asn12025-10-14
Debian
CVE-2025-58185: golang-1.15 - Parsing a maliciously crafted DER payload could allocate large amounts of memory...2025

💬Community

3
Bugzilla
CVE-2025-58185 trivy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]2025-10-31
Bugzilla
CVE-2025-58185 docker-distribution: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]2025-10-31
Bugzilla
CVE-2025-58185 docker-distribution: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]2025-10-31
CVE-2025-58185 — MEDIUM severity | cvebase