CVE-2025-58187

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-58187
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://go.dev/cl/709854 Patch
https://go.dev/issue/75681 Issue Tracking
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI Mailing List Release Notes
https://pkg.go.dev/vuln/GO-2025-4007 Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/08/1 Mailing List Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
History

29 Jan 2026, 16:02

Type Values Removed Values Added
CWE CWE-407
References () https://go.dev/cl/709854 - () https://go.dev/cl/709854 - Patch
References () https://go.dev/issue/75681 - () https://go.dev/issue/75681 - Issue Tracking
References () https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI - () https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI - Mailing List, Release Notes
References () https://pkg.go.dev/vuln/GO-2025-4007 - () https://pkg.go.dev/vuln/GO-2025-4007 - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2025/10/08/1 - () http://www.openwall.com/lists/oss-security/2025/10/08/1 - Mailing List, Release Notes
First Time Golang go
Golang
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

20 Nov 2025, 23:15

Type Values Removed Values Added
Summary (en) Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. (en) Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

04 Nov 2025, 22:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/10/08/1 -

03 Nov 2025, 20:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 7.5

30 Oct 2025, 21:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

29 Oct 2025, 23:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-10-29 23:16

Updated : 2026-01-29 16:02

NVD link : CVE-2025-58187

Mitre link : CVE-2025-58187

CVE.ORG link : CVE-2025-58187

JSON object : View

Products Affected

golang

  • go
CWE
CWE-407

Inefficient Algorithmic Complexity