{"id":"GO-2025-4013","summary":"Panic when validating certificates with DSA public keys in crypto/x509","details":"Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.\n\nThis affects programs which validate arbitrary certificate chains.","aliases":["BIT-golang-2025-58188","CVE-2025-58188"],"modified":"2026-05-15T10:59:23.121044977Z","published":"2025-10-29T21:50:08Z","related":["CGA-fmq2-42x2-hvhw","RHSA-2026:7291","RHSA-2026:7385"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4013"},"references":[{"type":"FIX","url":"https://go.dev/cl/709853"},{"type":"REPORT","url":"https://go.dev/issue/75675"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"}],"affected":[{"package":{"name":"stdlib","ecosystem":"Go","purl":"pkg:golang/stdlib"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.24.8"},{"introduced":"1.25.0"},{"fixed":"1.25.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["Certificate.Verify","alreadyInChain"],"path":"crypto/x509"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4013.json"}}],"schema_version":"1.7.3","credits":[{"name":"Jakub Ciolek"}]}