CVE-2025-61723
published 2025-10-29CVE-2025-61723: The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM…
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.63%
45.5th percentile
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.25 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| github.com | open-feature_flagd_core | >= 0 < 0.13.1 | 0.13.1 |
| github.com | open-feature_flagd_flagd | >= 0 < 0.13.1 | 0.13.1 |
| github.com | open-feature_flagd_flagd-proxy | >= 0 < 0.8.2 | 0.8.2 |
| go_standard_library | encoding_pem | < 1.24.8 | 1.24.8 |
| go_standard_library | encoding_pem | >= 1.25.0 < 1.25.2 | 1.25.2 |
| golang | go | < 1.24.8 | 1.24.8 |
| golang | go | >= 1.25.0 < 1.25.2 | 1.25.2 |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.23.12-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.5-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.6-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gcc_11.2.0-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.18.8-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.11-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.12-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.9-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.0HIGH
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
vendor_redhat·2025-10-29·CVSS 7.5
CVE-2025-61723 [HIGH] CWE-770 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some
inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment,
Microsoft
Quadratic complexity when parsing some invalid inputs in encoding/pem
vendor_msrc·2025-10-14·CVSS 7.5
CVE-2025-61723 [HIGH] Quadratic complexity when parsing some invalid inputs in encoding/pem
Quadratic complexity when parsing some invalid inputs in encoding/pem
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Debian
CVE-2025-61723: golang-1.15 - The processing time for parsing some invalid inputs scales non-linearly with res...
vendor_debian·2025·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723: golang-1.15 - The processing time for parsing some invalid inputs scales non-linearly with res...
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Scope: local
bullseye: open
GHSA
flagd: Multiple Go Runtime CVEs Impact Security and Availability
ghsa·2026-01-05·CVSS 7.0
CVE-2025-47907 [HIGH] CWE-20 flagd: Multiple Go Runtime CVEs Impact Security and Availability
flagd: Multiple Go Runtime CVEs Impact Security and Availability
### Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
| CVE ID | Impacted Package | Severity | Description & Impact on flagd |
| -- | -- | -- | -- |
| CVE-2025-47907 | database/sql | 7.0 (High) | Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations. |
| CVE-2025-61725 | net/mail | 7.5 (High) | DoS: Inefficient complexity in ParseAdd
OSV
flagd: Multiple Go Runtime CVEs Impact Security and Availability
osv·2026-01-05·CVSS 7.0
CVE-2025-47907 [HIGH] flagd: Multiple Go Runtime CVEs Impact Security and Availability
flagd: Multiple Go Runtime CVEs Impact Security and Availability
### Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
| CVE ID | Impacted Package | Severity | Description & Impact on flagd |
| -- | -- | -- | -- |
| CVE-2025-47907 | database/sql | 7.0 (High) | Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations. |
| CVE-2025-61725 | net/mail | 7.5 (High) | DoS: Inefficient complexity in ParseAdd
GHSA
GHSA-hjx7-fpxx-mj48: The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input
ghsa_unreviewed·2025-10-30
CVE-2025-61723 [MEDIUM] CWE-770 GHSA-hjx7-fpxx-mj48: The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
OSV
CVE-2025-61723: The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input
osv·2025-10-29·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723: The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
OSV
Quadratic complexity when parsing some invalid inputs in encoding/pem
osv·2025-10-29
CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
bugzilla·2026-06-12·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
+++ This bug was initially created as a clone of Bug #2408978 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2026-06-12·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
+++ This bug was initially created as a clone of Bug #2408978 +++
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 transifex-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 transifex-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 transifex-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-61723 golang-github-haproxytech-dataplaneapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-haproxytech-dataplaneapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-haproxytech-dataplaneapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-795b0d0367 (vhs-0.9.0-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-795b0d0367
Bugzilla
CVE-2025-61723 gvisor-tap-vsock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gvisor-tap-vsock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gvisor-tap-vsock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Will be fixed (if impacted) by rebuilding the package with a fixed go version https://pkg.go.dev/vuln/GO-2025-4009
---
This message is a reminder that Fedora Linux 42 is
Bugzilla
CVE-2025-61723 matterbridge: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 matterbridge: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 matterbridge: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-61723 nng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 nng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 nng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 podman: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 podman: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 podman: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 golang-x-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 suseconnect-ng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 suseconnect-ng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 suseconnect-ng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 reg: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 reg: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 reg: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-github-uber-athenadriver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-uber-athenadriver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-uber-athenadriver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 golang-github-geertjohan-rice: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-geertjohan-rice: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-geertjohan-rice: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-schollz-cli-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-schollz-cli-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-schollz-cli-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 golang-github-nats-io-jwt-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-nats-io-jwt-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-nats-io-jwt-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 anubis: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 anubis: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 anubis: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-zmap-zcertificate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-zmap-zcertificate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-zmap-zcertificate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 geoipupdate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 geoipupdate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 geoipupdate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 golang-github-nats-io-streaming-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-nats-io-streaming-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-nats-io-streaming-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-61723 golang-github-chromedp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-chromedp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-chromedp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61723 golang-github-facebookincubator-dhcplb: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-facebookincubator-dhcplb: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-facebookincubator-dhcplb: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-61723 smtprelay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 smtprelay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 smtprelay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 golang-k8s-sample-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-sample-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-sample-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-8]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-8]
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 httpdump: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 httpdump: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 httpdump: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 whisper-cpp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 whisper-cpp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 whisper-cpp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 golang-github-instrumenta-kubeval: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-instrumenta-kubeval: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-instrumenta-kubeval: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-61723 golang-github-nicksnyder-i18n-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-nicksnyder-i18n-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-nicksnyder-i18n-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 grafana-pcp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 grafana-pcp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 grafana-pcp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 cri-o: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-o: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-o: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 golang-github-shopify-sarama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-shopify-sarama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-shopify-sarama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-hashicorp-serf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-hashicorp-serf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-hashicorp-serf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-containerd-fuse-overlayfs-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-containerd-fuse-overlayfs-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-containerd-fuse-overlayfs-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora L
Bugzilla
CVE-2025-61723 asnmap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 asnmap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 asnmap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-aws-lambda: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-aws-lambda: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-aws-lambda: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 golang-k8s-sample-controller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-sample-controller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-sample-controller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 OliveTin: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 OliveTin: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 OliveTin: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 golang-k8s-code-generator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-code-generator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-code-generator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61723 cri-tools1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools1.34: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 cri-tools1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-emersion-smtp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-emersion-smtp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-emersion-smtp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 butane: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 butane: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 butane: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 yubihsm-connector: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 yubihsm-connector: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 yubihsm-connector: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-61723 qt5-qtwebengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 qt5-qtwebengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 qt5-qtwebengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-61723 helm: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 helm: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 helm: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-github-googleapis-gnostic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-googleapis-gnostic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-googleapis-gnostic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 golang-github-distribution-3: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-distribution-3: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-distribution-3: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 cri-tools1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-gocolly-colly-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-gocolly-colly-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-gocolly-colly-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-61723 golang-github-pelletier-toml: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-pelletier-toml: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-pelletier-toml: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-path-network-mmproxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-path-network-mmproxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-path-network-mmproxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 apache-cloudstack-cloudmonkey: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 apache-cloudstack-cloudmonkey: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 apache-cloudstack-cloudmonkey: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-facebookincubator-contest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-facebookincubator-contest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-facebookincubator-contest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-61723 golang-github-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61723 syncthing: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 syncthing: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 syncthing: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 golang-google-appengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-google-appengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-google-appengine: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-61723 golang-x-text: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-text: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-text: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 vultr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 vultr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 vultr: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 golang-github-apache-beam-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-apache-beam-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-apache-beam-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 gitjacker: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gitjacker: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gitjacker: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 golang-github-jsonnet-bundler: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-jsonnet-bundler: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-jsonnet-bundler: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-ariga-atlas: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-ariga-atlas: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-ariga-atlas: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61723 snapd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 snapd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 snapd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 clash-meta: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 clash-meta: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 clash-meta: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
---
FEDORA-EPEL-2026-4deb1b7241 (glow-2.1.2-1.el10_3) has been submitted as an updat
Bugzilla
CVE-2025-61723 golang-github-liamg-scout: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-liamg-scout: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-liamg-scout: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61723 golang-github-projectdiscovery-chaos-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-projectdiscovery-chaos-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-projectdiscovery-chaos-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42
Bugzilla
CVE-2025-61723 trayscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 trayscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 trayscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 golang-github-theoapp-theo-agent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-theoapp-theo-agent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-theoapp-theo-agent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 direnv: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 direnv: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 direnv: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 yq: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 yq: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 yq: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-61723 deepin-daemon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 deepin-daemon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 deepin-daemon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-rootless-containers-rootlesskit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-rootless-containers-rootlesskit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-rootless-containers-rootlesskit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 4
Bugzilla
CVE-2025-61723 golang-github-niklasfasching-org: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-niklasfasching-org: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-niklasfasching-org: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 golang-github-pact-foundation: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-pact-foundation: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-pact-foundation: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-haproxytech-client-native: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-haproxytech-client-native: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-haproxytech-client-native: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-61723 golang-github-acme-lego: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-acme-lego: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-acme-lego: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61723 golang-x-mod: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-mod: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-mod: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-61723 golang-github-hashicorp-msgpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-hashicorp-msgpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-hashicorp-msgpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 gphotosdl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gphotosdl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gphotosdl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 golang-github-deepmap-oapi-codegen: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-deepmap-oapi-codegen: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-deepmap-oapi-codegen: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 golang-github-cloudflare-redoctober: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-cloudflare-redoctober: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-cloudflare-redoctober: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-
Bugzilla
CVE-2025-61723 golang-github-moby-swarmkit-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-moby-swarmkit-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-moby-swarmkit-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 aerc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 aerc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 aerc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 cri-o1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-o1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-o1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 grpc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 grpc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 grpc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-github-redteampentesting-monsoon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-redteampentesting-monsoon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-redteampentesting-monsoon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-61723 golang-github-gobwas-ws: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-gobwas-ws: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-gobwas-ws: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61723 shellz: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 shellz: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 shellz: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-61723 golang-k8s-kube-aggregator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-kube-aggregator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-kube-aggregator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61723 golang-github-kyokomi-emoji: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-kyokomi-emoji: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-kyokomi-emoji: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 dnsx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 dnsx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 dnsx: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-github-moby-buildkit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-moby-buildkit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-moby-buildkit: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 htmltest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 htmltest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 htmltest: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 golang-sr-emersion-gqlclient: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-sr-emersion-gqlclient: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-sr-emersion-gqlclient: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-61723 golang-github-vmware-govmomi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-vmware-govmomi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-vmware-govmomi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-9d0e7df23a (glow-2.1.2-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-9d0e7df23a
Bugzilla
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-61723 cri-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 git-credential-azure: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 git-credential-azure: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 git-credential-azure: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-61723 deepin-pw-check: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 deepin-pw-check: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 deepin-pw-check: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-61723 golang-entgo-ent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-entgo-ent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-entgo-ent: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 vhs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-7646f2a691 (vhs-0.10.0-4.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7646f2a691
Bugzilla
CVE-2025-61723 golang-github-mholt-archiver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-mholt-archiver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-mholt-archiver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-prometheus-prom2json: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-prometheus-prom2json: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-prometheus-prom2json: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 golang-github-erkexzcx-valetudopng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-erkexzcx-valetudopng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-erkexzcx-valetudopng: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 golang-gvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-gvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-gvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-markbates-pkger: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-markbates-pkger: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-markbates-pkger: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 gobuster: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gobuster: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gobuster: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 trustee-guest-components: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 trustee-guest-components: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 trustee-guest-components: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 golang-mongodb-mongo-driver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-mongodb-mongo-driver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-mongodb-mongo-driver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 ollama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 ollama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 ollama: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 etcd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 etcd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 etcd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-k8s-apiextensions-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-apiextensions-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-apiextensions-apiserver: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 golang-github-valyala-fasthttp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-valyala-fasthttp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-valyala-fasthttp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13
Bugzilla
CVE-2025-61723 cri-o1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-o1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-o1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 miller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 miller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 miller: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 lw-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 lw-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 lw-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-intel-goresctrl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-intel-goresctrl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-intel-goresctrl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 osbuild-composer: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 osbuild-composer: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 osbuild-composer: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-61723 golang-github-facebookincubator-go2chef: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-facebookincubator-go2chef: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-facebookincubator-go2chef: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-61723 golang-x-mobile: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-mobile: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-mobile: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-61723 golang-github-cpu-goacmedns: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-cpu-goacmedns: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-cpu-goacmedns: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 golang-github-colinmarc-hdfs-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-colinmarc-hdfs-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-colinmarc-hdfs-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13
Bugzilla
CVE-2025-61723 grafana: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 grafana: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 grafana: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 nebula: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 nebula: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 nebula: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-temoto-robotstxt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-temoto-robotstxt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-temoto-robotstxt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13
Bugzilla
CVE-2025-61723 mlpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 mlpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 mlpack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-sigs-k8s-aws-iam-authenticator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-sigs-k8s-aws-iam-authenticator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-sigs-k8s-aws-iam-authenticator: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 202
Bugzilla
CVE-2025-61723 gopls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gopls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gopls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 golang-github-grpc-ecosystem-gateway-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-grpc-ecosystem-gateway-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-grpc-ecosystem-gateway-2: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 20
Bugzilla
CVE-2025-61723 golang-github-rogpeppe-internal: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-rogpeppe-internal: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-rogpeppe-internal: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 golang-github-cockroachdb-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-cockroachdb-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-cockroachdb-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-6d67b00ef1 (glow-2.1.2-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-6d67b00ef1
Bugzilla
CVE-2025-61723 forgejo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 forgejo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 forgejo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-mailru-easyjson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-mailru-easyjson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-mailru-easyjson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-ed208f5337 (hut-0.8.0-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ed208f5337
---
FEDORA-2026-32113d4817 (hut-
Bugzilla
CVE-2025-61723 golang-k8s-pod-security-admission: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-pod-security-admission: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-pod-security-admission: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05
Bugzilla
CVE-2025-61723 opentofu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 opentofu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 opentofu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 cri-tools1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools1.32: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 docker-distribution: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-61723 golang-github-pdfcpu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-pdfcpu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-pdfcpu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-61723 toxcore: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 toxcore: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 toxcore: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 go-fdo-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 go-fdo-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 go-fdo-client: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 reposurgeon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 reposurgeon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 reposurgeon: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 golang-oras: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-oras: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-oras: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 golang-github-tenox7-wrp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-tenox7-wrp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-tenox7-wrp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 golang-github-tdewolff-minify: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-tdewolff-minify: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-tdewolff-minify: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-x-perf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-perf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-perf: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 cheat: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cheat: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cheat: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 chisel: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 chisel: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 chisel: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-k8s-kube-openapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-k8s-kube-openapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-k8s-kube-openapi: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 hut: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 golang-github-schollz-croc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-schollz-croc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-schollz-croc: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2025-61723 git-credential-oauth: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 git-credential-oauth: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 git-credential-oauth: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fe
Bugzilla
CVE-2025-61723 ceph: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 ceph: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 ceph: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 nats-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 nats-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 nats-server: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's po
Bugzilla
CVE-2025-61723 git-lfs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 git-lfs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 git-lfs: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 yggdrasil: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 yggdrasil: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 yggdrasil: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 kubernetes1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 kubernetes1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 kubernetes1.29: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 startdde: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 startdde: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 startdde: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 libarrow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 libarrow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 libarrow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 kappanhang: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 kappanhang: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 kappanhang: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-61723 golang-github-task: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-task: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-task: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61723 golang-github-google-dap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-google-dap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-google-dap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 deepin-api: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 deepin-api: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 deepin-api: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-61723 golang-mvdan-xurls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-mvdan-xurls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-mvdan-xurls: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61723 golang-github-theupdateframework-notary: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-theupdateframework-notary: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-theupdateframework-notary: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2
Bugzilla
CVE-2025-61723 exercism: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 exercism: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 exercism: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 golang-x-debug: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-debug: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-debug: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-eclipse-paho-mqtt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-eclipse-paho-mqtt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-eclipse-paho-mqtt: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 golang-github-envoyproxy-protoc-gen-validate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-envoyproxy-protoc-gen-validate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-envoyproxy-protoc-gen-validate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42
Bugzilla
CVE-2025-61723 golang-github-francoispqt-gojay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-francoispqt-gojay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-francoispqt-gojay: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 golang-x-vuln: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-vuln: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-vuln: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 manifest-tool: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 manifest-tool: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 manifest-tool: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-cucumber-godog: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-cucumber-godog: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-cucumber-godog: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 golang-github-bobesa-domain-util: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-bobesa-domain-util: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-bobesa-domain-util: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 golang-github-cloudflare: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-cloudflare: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-cloudflare: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's p
Bugzilla
CVE-2025-61723 golang-github-rubenv-sql-migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-rubenv-sql-migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-rubenv-sql-migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 kubernetes1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 kubernetes1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 kubernetes1.30: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 golang-github-hexdigest-gowrap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-hexdigest-gowrap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-hexdigest-gowrap: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13
Bugzilla
CVE-2025-61723 gmailctl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gmailctl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gmailctl: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 golang-github-rakyll-statik: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-rakyll-statik: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-rakyll-statik: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 golang-uber-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-uber-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-uber-mock: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-61723 golang-github-opencontainers-runtime-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-opencontainers-runtime-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-opencontainers-runtime-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-61723 tailscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 tailscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 tailscale: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 golang-github-google-pprof: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-google-pprof: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-google-pprof: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61723 netdata: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 netdata: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 netdata: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-edoardottt-lit-bb-hack-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-edoardottt-lit-bb-hack-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-edoardottt-lit-bb-hack-tools: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 o
Bugzilla
CVE-2025-61723 gron: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 gron: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 gron: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-61723 cadvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cadvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cadvisor: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 ignition: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 ignition: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 ignition: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-61723 golang-github-git-5: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-git-5: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-git-5: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fed
Bugzilla
CVE-2025-61723 golang-github-spyzhov-ajson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-spyzhov-ajson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-spyzhov-ajson: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 golang-github-aliyun-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-aliyun-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-aliyun-cli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It i
Bugzilla
CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 golang-x-exp: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
Doesn't affect the package.
Bugzilla
CVE-2025-61723 golang-github-hashicorp-hc-install: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-hashicorp-hc-install: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-hashicorp-hc-install: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-0
Bugzilla
CVE-2025-61723 trivy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 trivy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
CVE-2025-61723 trivy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
FEDORA-2026-868e266938 (trivy-0.69.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-868e266938
---
FEDORA-2026-868e266938
Bugzilla
CVE-2025-61723 golang-github-letsencrypt-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-letsencrypt-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-letsencrypt-pebble: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-
Bugzilla
CVE-2025-61723 kitty: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 kitty: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 kitty: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy t
Bugzilla
CVE-2025-61723 golang-github-google-martian: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-google-martian: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-google-martian: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
Bugzilla
CVE-2025-61723 tinygo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 tinygo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 tinygo: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 cri-o1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-o1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-o1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-61723 thrift: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 thrift: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 thrift: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61723 golang-github-facebook-time: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-facebook-time: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-facebook-time: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
I
Bugzilla
CVE-2025-61723 golang-github-grpc-ecosystem-gateway: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-grpc-ecosystem-gateway: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-grpc-ecosystem-gateway: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026
Bugzilla
CVE-2025-61723 image-builder: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 image-builder: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 image-builder: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 kata-containers: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 kata-containers: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 kata-containers: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora'
Bugzilla
CVE-2025-61723 cri-tools1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 cri-tools1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 cri-tools1.31: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 stargz-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 stargz-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 stargz-snapshotter: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61723 golang-github-pgaskin-koboutils: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 golang-github-pgaskin-koboutils: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 golang-github-pgaskin-koboutils: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-1
Bugzilla
CVE-2025-61723 dnscrypt-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
bugzilla·2025-10-31·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 dnscrypt-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
CVE-2025-61723 dnscrypt-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61723 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
bugzilla·2025-10-29·CVSS 7.5
CVE-2025-61723 [HIGH] CVE-2025-61723 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
CVE-2025-61723 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Discussion:
Vagrant does not ship and Go bit => CLOSED NOTABUG
---
(In reply to Vít Ondruch from comment #1)
> Vagrant does not ship and Go bit => CLOSED NOTABUG
Wrong component. Sorry. Reopening.
But since I am already here, this would never happened if Golang bits were not reported against Vagrant. I wish this was fixed.
---
This is fixed in Go versions 1.25.2:
https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b
... and 1.24.8:
https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b6
Wiz
CVE-2026-25793 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25793 [HIGH] CVE-2026-25793 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25793 :
Nebula vulnerability analysis and mitigation
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3.
Source : NVD
## 7.6
Score
Published February 6, 2026
Severity HIGH
CNA Score 7.6
Affected Technologies
Nebula
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
Wiz
GHSA-4c5f-9mj4-m247 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-47907 [HIGH] GHSA-4c5f-9mj4-m247 Impact, Exploitability, and Mitigation Steps | Wiz
## GHSA-4c5f-9mj4-m247 :
vulnerability analysis and mitigation
## Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
CVE-2025-47907
database/sql
7.0 (High)
Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations.
CVE-2025-61725
net/mail
7.5 (High)
DoS: Inefficient complexity in ParseAddress. Attackers can provide crafted email strings with large domain literals to exhaust CPU if flagd parse
2025-10-29
Published