Launch Week Day 1: Announcing Security Design Review
Start for Free
UNKNOWN Go

Quadratic complexity when parsing some invalid inputs in encoding/pem

GO-2025-4009 · BIT-golang-2025-61723 · CVE-2025-61723

Published · Modified

Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes