{"id":"GO-2025-3485","summary":"DoS in go-jose Parsing in github.com/go-jose/go-jose","details":"DoS in go-jose Parsing in github.com/go-jose/go-jose","aliases":["CVE-2025-27144","GHSA-c6gw-w398-hv78"],"modified":"2026-03-17T04:49:31.964180Z","published":"2025-03-03T16:11:01Z","related":["CGA-p64v-w3j6-xg5w"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3485","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"},{"type":"FIX","url":"https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"},{"type":"WEB","url":"https://github.com/go-jose/go-jose/releases/tag/v4.0.5"},{"type":"WEB","url":"https://go.dev/issue/71490"},{"type":"WEB","url":"https://go.dev/issue/71490"}],"affected":[{"package":{"name":"github.com/go-jose/go-jose","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/go-jose/go-jose/v3","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.0.4"}]}],"ecosystem_specific":{"imports":[{"symbols":["ParseDetached","ParseEncrypted","ParseSigned","rawJSONWebEncryption.sanitized","rawJSONWebSignature.sanitized"],"path":"github.com/go-jose/go-jose/v3"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/go-jose/go-jose/v4","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"4.0.5"}]}],"ecosystem_specific":{"imports":[{"symbols":["ParseEncrypted","ParseEncryptedCompact","ParseSignedCompact"],"path":"github.com/go-jose/go-jose/v4"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/square/go-jose","ecosystem":"Go","purl":"pkg:golang/github.com/square/go-jose"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}}],"schema_version":"1.7.5"}