Thanks to visit codestin.com
Credit goes to github.com

Skip to content

crypto/x509: quadratic complexity when checking name constraints (CVE-2025-58187) #75681

New issue
New issue
Closed
Closed
crypto/x509: quadratic complexity when checking name constraints (CVE-2025-58187)#75681
Labels
NeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker
Milestone
Go1.26
@neild

Description

@neild
neild
opened on Sep 30, 2025

Due to the design of the name constraint checking algorithm, the processing time
of some inputs scales non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58187 and Go issue https://go.dev/issue/75681.

This is a PRIVATE issue for CVE-2025-58187, tracked in http://b/443719585 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/2820.

/cc @golang/security and @golang/release

Metadata

Metadata

Assignees

No one assigned

    Labels

    NeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions