CVE Vulnerabilities

CVE-2025-22865

Published: Jan 28, 2025 | Modified: Jan 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.

Affected Software

Name Vendor Start Version End Version
Red Hat Ceph Storage 7.1 RedHat rhceph/grafana-rhel9:11.6.2-7 *
Red Hat Ceph Storage 7.1 RedHat rhceph/keepalived-rhel9:2.2.8-74 *
Red Hat Ceph Storage 7.1 RedHat rhceph/rhceph-7-rhel9:7-532 *
Red Hat Ceph Storage 7.1 RedHat rhceph/rhceph-haproxy-rhel9:2.4.22-76 *
Red Hat Ceph Storage 7.1 RedHat rhceph/rhceph-promtail-rhel9:v3.0.0-41 *
Red Hat Ceph Storage 7.1 RedHat rhceph/snmp-notifier-rhel9:1.2.1-124 *
Red Hat Ceph Storage 8.1 RedHat rhceph/grafana-rhel9:11.6.2-4 *
Golang-1.13 Ubuntu focal *
Golang-1.14 Ubuntu focal *
Golang-1.16 Ubuntu focal *
Golang-1.18 Ubuntu focal *
Golang-1.20 Ubuntu focal *
Golang-1.21 Ubuntu focal *
Golang-1.22 Ubuntu focal *
Golang-1.23 Ubuntu oracular *

References