Go DSA Public Key Handling Panic Vulnerability
Vulnerability
A panic vulnerability has been identified in the Go programming language's standard library, specifically in the 'crypto/x509' package. The issue arises when validating certificate chains that contain DSA public keys. The code performs an interface assertion that assumes every public key type implements the 'Equal' method, but DSA public keys do not, so the assertion fails at runtime. As a result, any program that validates certificate chains it does not control (for example, chains supplied by a remote peer) can be made to panic, disrupting normal execution.
Impact
Exploitation of this vulnerability causes a panic, which crashes the program (or the goroutine, if recovered) and interrupts its normal operation. The effect is denial of service; no memory corruption or key compromise is involved.
Remediation
This vulnerability has been addressed in Go versions 1.25.2 and 1.24.8. Users should update to one of these versions, either by downloading a release from the Go website or by compiling from source using the corresponding GitHub release tag, and then rebuild affected binaries.
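Until a rebuild with a fixed toolchain is deployed, a service that verifies peer-supplied chains can contain the failure instead of crashing. The following Go program is an added example written for this page, not code from the Go project or from the advisory: it wraps `(*x509.Certificate).Verify` in a recover, converts a panic into an ordinary error, and rejects certificates whose public key algorithm is DSA before verification is attempted. The function names `SafeVerify`, `CallVerify`, `ContainsDSA` and `SelfSignedECDSACert` are assumptions of this example, and the self-signed ECDSA certificate it builds is constructed test data so that the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrPanicDuringVerify is returned when chain verification panicked.
var ErrPanicDuringVerify = errors.New("certificate verification panicked")

// ErrDSAKeyInChain is returned when a DSA public key is rejected up front.
var ErrDSAKeyInChain = errors.New("DSA public key not accepted")

// ContainsDSA reports whether any of the given certificates carries a DSA
// public key. Certificates are checked before they are added to a pool,
// because a CertPool cannot be enumerated afterwards.
func ContainsDSA(certs ...*x509.Certificate) bool {
	for _, c := range certs {
		if c != nil && c.PublicKeyAlgorithm == x509.DSA {
			return true
		}
	}
	return false
}

// CallVerify runs fn and turns a panic raised inside it into an error,
// so that one hostile chain cannot take down the whole process.
func CallVerify(fn func() ([][]*x509.Certificate, error)) (chains [][]*x509.Certificate, err error) {
	defer func() {
		if r := recover(); r != nil {
			chains = nil
			err = fmt.Errorf("%w: %v", ErrPanicDuringVerify, r)
		}
	}()
	return fn()
}

// SafeVerify refuses DSA leaf keys outright and verifies everything else
// inside the recover wrapper. (Hypothetical helper for this example.)
func SafeVerify(leaf *x509.Certificate, opts x509.VerifyOptions) ([][]*x509.Certificate, error) {
	if ContainsDSA(leaf) {
		return nil, ErrDSAKeyInChain
	}
	return CallVerify(func() ([][]*x509.Certificate, error) {
		return leaf.Verify(opts)
	})
}

// SelfSignedECDSACert builds a constructed self-signed P-256 root used only
// as sample input; it is not a real trust anchor.
func SelfSignedECDSACert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed-example-root"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	root, err := SelfSignedECDSACert()
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	chains, err := SafeVerify(root, x509.VerifyOptions{Roots: pool})
	fmt.Printf("ECDSA root: %d chain(s), err=%v\n", len(chains), err)

	// Simulate the failure mode: a panic inside verification becomes an error.
	_, err = CallVerify(func() ([][]*x509.Certificate, error) {
		panic("simulated interface assertion failure")
	})
	fmt.Println("panic converted:", errors.Is(err, ErrPanicDuringVerify))
}
```

The recover wrapper is a containment measure, not a fix: it keeps a TLS listener or certificate-ingestion service alive while the toolchain is upgraded, and the `ErrPanicDuringVerify` error gives the service a distinct signal to log and alert on. Rejecting DSA keys before verification is reasonable for most deployments, since DSA certificates are obsolete and the Go x509 package does not validate DSA signatures in chains.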