Cypherpunks repositories - gostls13.git/commit
author Neal Patel <nealpatel@google.com>
Thu, 11 Sep 2025 20:27:04 +0000 (16:27 -0400)
committer Gopher Robot <gobot@golang.org>
Tue, 7 Oct 2025 18:00:35 +0000 (11:00 -0700)
commit f9f198ab05e3282cbf6b13251d47d9141981e401
tree 440bdb76665061c65d661a435723e18ec3118d29
parent bc6981fd74024098185a23ba3a83a81ed68a06c9
[release-branch.go1.24] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188
For #75675
Fixes #75702

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2964
Reviewed-on: https://go-review.googlesource.com/c/go/+/709836
TryBot-Bypass: Michael Pratt <mpratt@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>
src/crypto/x509/verify.go
src/crypto/x509/verify_test.go