7.5

CVE-2025-22868

Medienbericht

Unexpected memory consumption during token parsing in golang.org/x/oauth2

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoJws SwPlatformgo Version < 0.27.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.519
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://go.dev/cl/652155
Patch
https://go.dev/issue/71490
Patch
Issue Tracking
https://pkg.go.dev/vuln/GO-2025-3488
Third Party Advisory