GO-2024-3282

See a problem?
Please try reporting it to the source first.
Source
https://pkg.go.dev/vuln/GO-2024-3282
Import Source
https://vuln.go.dev/ID/GO-2024-3282.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-3282
Aliases
Published
2024-11-21T19:52:52Z
Modified
2024-12-13T16:27:11.743144Z
Summary
Potential slowdown / DoS when parsing specially crafted PEM inputs in github.com/cert-manager/cert-manager
Details

Potential slowdown / DoS when parsing specially crafted PEM inputs in github.com/cert-manager/cert-manager

Database specific 
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-3282"
}
References

Affected packages

Go / github.com/cert-manager/cert-manager

Package

Name
github.com/cert-manager/cert-manager
View open source insights on deps.dev
Purl
pkg:golang/github.com/cert-manager/cert-manager

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.14
Introduced
1.13.0-alpha.0
Fixed
1.15.4
Introduced
1.16.0-alpha.0
Fixed
1.16.2

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/cert-manager/cert-manager/pkg/util/pki",
            "symbols": [
                "CertificateTemplateFromCSRPEM",
                "CertificateTemplateFromCertificateRequest",
                "CertificateTemplateFromCertificateSigningRequest",
                "DecodePrivateKeyBytes",
                "DecodeX509CertificateBytes",
                "DecodeX509CertificateChainBytes",
                "DecodeX509CertificateRequestBytes",
                "DecodeX509CertificateSetBytes",
                "GenerateLocallySignedTemporaryCertificate",
                "ParseSingleCertificateChainPEM",
                "RequestMatchesSpec"
            ]
        },
        {
            "path": "github.com/cert-manager/cert-manager/internal/controller/certificates",
            "symbols": [
                "OutputFormatDER"
            ]
        },
        {
            "path": "github.com/cert-manager/cert-manager/pkg/controller/acmeorders",
            "symbols": [
                "controller.ProcessItem",
                "controller.Sync",
                "controller.finalizeOrder"
            ]
        }
    ]
}