GitHub

encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (CVE-2025-58185)

When parsing DER payloads, memories were being allocated prior to fully validating the payloads. This permits an attacker to craft a big empty DER payload to cause memory exhaustion in functions such ...
GitHub

Update the XML security documentation

An attacker can abuse XML features to carry out denial of service attacks, access local files, generate network connections to other machines, or circumvent firewalls. It then goes on to list the ...