Go Name Constraint Checking Algorithm Performance Vulnerability
Vulnerability
A vulnerability exists in the 'crypto/x509' package of the Go programming language's standard library, prior to version 1.24.9 and between versions 1.25.0 and 1.25.3. For certain inputs, the name constraint checking algorithm has quadratic complexity, so processing time scales non-linearly with the size of the certificate. This vulnerability impacts programs that validate arbitrary certificate chains.
Impact
The vulnerability can cause excessive CPU consumption when validating certificates with complex name constraints, potentially leading to denial-of-service conditions.
Remediation
Users can upgrade to Go versions 1.24.9 or 1.25.3 and later to address this vulnerability.
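To find what still needs the upgrade, the following added example (not part of the original advisory or of the Go project) reports whether the running toolchain, or a compiled Go binary given as an argument, predates the fixed releases. The function names Affected and BinaryAffected are illustrative, and the check assumes 1.25.3 itself is fixed, as the remediation text states.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"go/version"
	"os"
	"runtime"
	"strings"
)

// Fixed releases, taken from the Remediation section of the advisory.
const fixed124, fixed125 = "go1.24.9", "go1.25.3"

// Affected reports whether a toolchain version string such as "go1.24.8"
// predates the fix on its release line.
func Affected(v string) (bool, error) {
	v, _, _ = strings.Cut(v, " ") // drop any " X:experiment" suffix
	if !version.IsValid(v) {
		return false, fmt.Errorf("unrecognized Go version %q", v)
	}
	if version.Compare(v, "go1.25") < 0 { // 1.24 line and older
		return version.Compare(v, fixed124) < 0, nil
	}
	return version.Compare(v, fixed125) < 0, nil // 1.25 line and newer
}

// BinaryAffected reads the toolchain version embedded in a compiled Go binary.
func BinaryAffected(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	hit, err := Affected(info.GoVersion)
	return info.GoVersion, hit, err
}

func main() {
	if len(os.Args) < 2 { // no paths given: report on this process's runtime
		hit, err := Affected(runtime.Version())
		fmt.Println(runtime.Version(), "affected:", hit, "error:", err)
		return
	}
	for _, p := range os.Args[1:] {
		v, hit, err := BinaryAffected(p)
		fmt.Printf("%s\t%s\taffected=%t\terr=%v\n", p, v, hit, err)
	}
}
```

A hit only means the binary was built with an unfixed toolchain; whether it is exposed depends on whether it validates arbitrary certificate chains.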
