VDB
GO-2024-3282
GO-2024-3282
PUBLISHED
CVSS 8.699999809265137 HIGH
Potential slowdown / DoS when parsing specially crafted PEM inputs in github.com/cert-manager/cert-manager
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | cert-manager/cert-manager | 1.16.0-alpha.0, 1.13.0-alpha.0, 0 |
Timeline
- Nov 21, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 advisory
- https://github.com/cert-manager/cert-manager/commit/3a4c9eb55e2e43570679840bbe3217869fbc8efc patch
- https://github.com/cert-manager/cert-manager/commit/f22f78c8c0a64d718e203b326bc844c488ad7850 patch
- https://github.com/cert-manager/cert-manager/pull/7400 patch
- https://github.com/cert-manager/cert-manager/pull/7401 patch
- https://github.com/cert-manager/cert-manager/pull/7402 patch
- https://github.com/cert-manager/cert-manager/pull/7403 patch
- https://go.dev/issue/50116 report