CVE-2025-22874 - log

CVE-2025-22874 edited at 07 Jun 2025 03:28:54
Description
+ crypto/x509: When VerifyOptions.KeyUsages includes ExtKeyUsageAny, certificate policy validation is unintentionally disabled. This affects certificate chains with policy constraints, which are uncommon but security-relevant when used.
- crypto/x509: usage of ExtKeyUsageAny disables policy validation
-
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affects certificate chains that include policy constraints, which are rarely used in practice.
CVE-2025-22874 edited at 07 Jun 2025 03:26:02
Description
crypto/x509: usage of ExtKeyUsageAny disables policy validation
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
+ Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affects certificate chains that include policy constraints, which are rarely used in practice.
CVE-2025-22874 edited at 07 Jun 2025 03:24:15
Description
crypto/x509: usage of ExtKeyUsageAny disables policy validation
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, This only affects certificate chains that include policy constraints, which are rarely used in practice.
+ Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
CVE-2025-22874 edited at 07 Jun 2025 03:15:47
Description
crypto/x509: usage of ExtKeyUsageAny disables policy validation
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
+ Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, This only affects certificate chains that include policy constraints, which are rarely used in practice.
CVE-2025-22874 edited at 05 Jun 2025 19:52:59
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
CVE-2025-22874 created at 05 Jun 2025 19:47:26
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ crypto/x509: usage of ExtKeyUsageAny disables policy validation
+
+ Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
References
+ https://github.com/golang/go/issues/73612
+ https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A/m/XDxq7uidAgAJ
+ https://go.dev/doc/devel/release#go1.24.4
Notes
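
To find call sites matching the condition in the description above, a source audit can flag every place where `ExtKeyUsageAny` is put into a `KeyUsages` field. The following is an added example, not code from the Go project or from this tracker; `findAnyEKU` and `sample` are hypothetical names, and the sample source is constructed. The check is purely syntactic: it sees struct literals and direct assignments, not slices built elsewhere and passed in.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input for this example, not code from a real project.
const sample = `package demo
import "crypto/x509"
var strict = x509.VerifyOptions{KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
func loose(o *x509.VerifyOptions) {
	o.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
}`

// findAnyEKU returns the source lines where ExtKeyUsageAny is stored in a KeyUsages field.
func findAnyEKU(src string) ([]int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	scan := func(value ast.Node) { // record each ExtKeyUsageAny identifier under value
		ast.Inspect(value, func(n ast.Node) bool {
			if id, ok := n.(*ast.Ident); ok && id.Name == "ExtKeyUsageAny" {
				lines = append(lines, fset.Position(id.Pos()).Line)
			}
			return true
		})
	}
	ast.Inspect(f, func(n ast.Node) bool {
		switch s := n.(type) {
		case *ast.KeyValueExpr: // x509.VerifyOptions{KeyUsages: ...}
			if k, ok := s.Key.(*ast.Ident); ok && k.Name == "KeyUsages" {
				scan(s.Value)
			}
		case *ast.AssignStmt: // opts.KeyUsages = ...
			if sel, ok := s.Lhs[0].(*ast.SelectorExpr); ok && sel.Sel.Name == "KeyUsages" {
				scan(s.Rhs[0])
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(findAnyEKU(sample)) }
```

Each reported line is a `Verify` configuration to review against the description above, in particular where the chains being verified carry policy constraints.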