Vulnerability CVE-2025-22868: Information

Description

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-22868
Published: Feb. 26, 2025
Modified: May 1, 2025
Error type identifier: CWE-1286

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
cert-managersisyphus1.19.1-alt11.19.4-alt1ALT-PU-2025-15509-3402277Fixed
cert-managersisyphus_riscv641.19.1-alt11.19.4-alt1ALT-PU-2025-15584-1-Fixed
cert-managersisyphus_loongarch641.19.1-alt11.19.4-alt1ALT-PU-2025-15592-1-Fixed
cert-managerp111.19.3-alt11.19.4-alt1ALT-PU-2026-3297-3405902Fixed
cert-managerc10f21.19.3-alt11.19.4-alt1ALT-PU-2026-3315-3407771Fixed
flannelsisyphus0.27.3-alt10.28.2-alt1ALT-PU-2025-11487-3394438Fixed
flannelsisyphus_riscv640.27.3-alt10.28.2-alt1ALT-PU-2025-11837-1-Fixed
flannelsisyphus_loongarch640.27.3-alt10.28.2-alt1ALT-PU-2025-11847-1-Fixed
flannelp110.27.3-alt10.28.2-alt1ALT-PU-2025-12493-4396111Fixed
flannelp100.27.3-alt10.27.3-alt1ALT-PU-2025-13603-4398481Fixed
flannelc10f20.27.3-alt10.28.2-alt1ALT-PU-2025-12279-4395773Fixed
gitlab-runnersisyphus18.10.1-alt118.11.3-alt1ALT-PU-2026-5804-1414439Fixed
gitlab-runnersisyphus_riscv6418.10.1-alt118.11.2-alt1ALT-PU-2026-5845-1-Fixed
gitlab-runnersisyphus_loongarch6418.10.1-alt118.11.3-alt1ALT-PU-2026-5913-1-Fixed
gitlab-runnerc10f218.10.1-alt118.10.1-alt1ALT-PU-2026-5808-2414452Fixed
kubernetes1.32sisyphus1.32.7-alt11.32.13-alt1ALT-PU-2025-9609-3390645Fixed
kubernetes1.32sisyphus_loongarch641.32.7-alt11.32.13-alt1ALT-PU-2025-9786-1-Fixed
kubernetes1.32p111.32.7-alt11.32.11-alt1ALT-PU-2025-9744-4391028Fixed
kubernetes1.32c10f21.32.8-alt11.32.10-alt1ALT-PU-2025-11178-4393859Fixed
portainersisyphus2.29.0-alt12.39.2-alt1ALT-PU-2025-5631-3381027Fixed
portainerc10f22.29.0-alt12.39.1-alt1ALT-PU-2025-5981-4382619Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/cl/652155
  • Patch
https://go.dev/issue/71490
  • Issue Tracking
  • Patch
https://pkg.go.dev/vuln/GO-2025-3488
  • Third Party Advisory
BDU:2025-03638
    GHSA-6v2p-p543-phr9
        1. cpe:2.3:a:go:jws:*:*:*:*:*:go:*:*
          End excluding
          0.27.0
      VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
      Version: v26.2.2
      Back to top