The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
References
| Link | Resource |
|---|---|
| https://go.dev/cl/709858 | Patch |
| https://go.dev/issue/75676 | Issue Tracking |
| https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI | Mailing List Release Notes |
| https://pkg.go.dev/vuln/GO-2025-4009 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2025/10/08/1 | Mailing List Third Party Advisory |
Configurations
History
29 Jan 2026, 15:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://go.dev/cl/709858 - Patch | |
| References | () https://go.dev/issue/75676 - Issue Tracking | |
| References | () https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI - Mailing List, Release Notes | |
| References | () https://pkg.go.dev/vuln/GO-2025-4009 - Vendor Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2025/10/08/1 - Mailing List, Third Party Advisory | |
| First Time |
Golang go
Golang |
|
| CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
| CWE | CWE-770 |
04 Nov 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
03 Nov 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
30 Oct 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
29 Oct 2025, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-29 23:16
Updated : 2026-01-29 15:49
NVD link : CVE-2025-61723
Mitre link : CVE-2025-61723
CVE.ORG link : CVE-2025-61723
JSON object : View
Products Affected
golang
- go
CWE
CWE-770
Allocation of Resources Without Limits or Throttling