CVE-2025-58188
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-04
Assigner: Go Project
Description
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golang | go | From 1.25.0 (inc) to 1.25.2 (inc) |
| golang | go | 1.25.2 |
| golang | go | 1.24.8 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when programs validate certificate chains that contain DSA public keys. The issue arises because the code assumes these keys implement an Equal method, and when they do not, it causes the program to panic (crash).
How can this vulnerability impact me? :
If your software validates arbitrary certificate chains containing DSA public keys, this vulnerability can cause the software to unexpectedly crash or panic, potentially leading to denial of service or disruption of normal operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70