{"id":"CVE-2025-22868","details":"An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.","aliases":["GHSA-6v2p-p543-phr9","GO-2025-3488"],"modified":"2026-03-29T10:59:15.399119Z","published":"2025-02-26T08:14:24.897Z","related":["CGA-9qp8-wmc2-2x5f","SUSE-SU-2025:02014-1","SUSE-SU-2025:02035-1","SUSE-SU-2025:02040-1","SUSE-SU-2025:02041-1","SUSE-SU-2025:02046-1","SUSE-SU-2025:02097-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","SUSE-SU-2025:0770-1","SUSE-SU-2025:0852-1","SUSE-SU-2025:0872-1","SUSE-SU-2025:0881-1","SUSE-SU-2025:0882-1","SUSE-SU-2025:1005-1","SUSE-SU-2025:1006-1","SUSE-SU-2025:1062-1","SUSE-SU-2025:1102-1","SUSE-SU-2025:1332-1","SUSE-SU-2025:1333-1","SUSE-SU-2025:20205-1","SUSE-SU-2025:20360-1","SUSE-SU-2025:20377-1","SUSE-SU-2025:20393-1","SUSE-SU-2025:20515-1","SUSE-SU-2026:0592-1","SUSE-SU-2026:0972-1","SUSE-SU-2026:1118-1","SUSE-SU-2026:20550-1","openSUSE-SU-2025:0091-1","openSUSE-SU-2025:0103-1","openSUSE-SU-2025:14839-1","openSUSE-SU-2025:14843-1","openSUSE-SU-2025:14868-1","openSUSE-SU-2025:14869-1","openSUSE-SU-2025:14870-1","openSUSE-SU-2025:14874-1","openSUSE-SU-2025:14904-1","openSUSE-SU-2025:14905-1","openSUSE-SU-2025:14923-1","openSUSE-SU-2025:14985-1","openSUSE-SU-2025:14988-1","openSUSE-SU-2025:14990-1","openSUSE-SU-2025:15184-1","openSUSE-SU-2025:15304-1","openSUSE-SU-2025:15305-1","openSUSE-SU-2025:15454-1","openSUSE-SU-2025:20117-1","openSUSE-SU-2026:10230-1","openSUSE-SU-2026:20279-1"],"references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2025-3488"},{"type":"FIX","url":"https://go.dev/cl/652155"},{"type":"FIX","url":"https://go.dev/issue/71490"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22868.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.27.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}