CVE-2025-22868

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22868

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22868.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-22868

Aliases

Downstream

MINI-22w5-vf5x-2274

MINI-34gx-9hvw-4vc5

MINI-36hv-qr47-j9q3

MINI-3c2f-25v7-jpph

MINI-3mm8-9qj4-mpr6

MINI-3r59-mfg2-rjrr

MINI-3xq4-fpcc-96r5

MINI-46xq-q96x-vq8f

MINI-4c6j-vmq5-99c2

MINI-4hxv-pjpr-g7c7

MINI-59m4-6g23-33hc

MINI-5v44-776v-9qvv

MINI-647p-cpmr-gc66

MINI-6rq2-9588-g8gv

MINI-7c46-g2f6-23wj

MINI-7f8p-48j8-c595

MINI-7pww-qq5p-9vcv

MINI-7q4g-j4wg-wrg6

MINI-8xww-9fq6-ffp6

MINI-9h7j-mxxh-8q3q

MINI-c848-cg3m-gx64

MINI-cgh9-vp55-j4gq

MINI-cwqx-p856-rf3h

MINI-fcpf-847f-c9pm

MINI-fj64-g64v-fxh8

MINI-gpr2-x5g8-mj82

MINI-gxhw-jqrm-x6h5

MINI-mqq4-7cm9-83g5

MINI-q2j6-q4x9-xwc5

MINI-q789-4cfg-mjc4

MINI-q9jw-8496-4hff

MINI-rf84-7r82-8m64

MINI-w59v-3wqm-hwph

MINI-w9mj-646w-m3fq

MINI-x258-f483-h9m6

MINI-xvwx-97xw-w5xm

MINI-xw3w-ccqq-328r

RHSA-2025:3335

RHSA-2025:3593

RHSA-2025:7407

RHSA-2025:7479

SUSE-SU-2025:02014-1

SUSE-SU-2025:02046-1

SUSE-SU-2025:02097-1

SUSE-SU-2025:0770-1

SUSE-SU-2025:0852-1

SUSE-SU-2025:0872-1

SUSE-SU-2025:0881-1

SUSE-SU-2025:0882-1

SUSE-SU-2025:1005-1

SUSE-SU-2025:1006-1

SUSE-SU-2025:1062-1

SUSE-SU-2025:1102-1

SUSE-SU-2025:1332-1

SUSE-SU-2025:1333-1

UBUNTU-CVE-2025-22868

openSUSE-SU-2025:0091-1

openSUSE-SU-2025:0103-1

openSUSE-SU-2025:14839-1

openSUSE-SU-2025:14843-1

openSUSE-SU-2025:14868-1

openSUSE-SU-2025:14869-1

openSUSE-SU-2025:14870-1

openSUSE-SU-2025:14874-1

openSUSE-SU-2025:14904-1

openSUSE-SU-2025:14905-1

openSUSE-SU-2025:14923-1

openSUSE-SU-2025:14985-1

openSUSE-SU-2025:14988-1

openSUSE-SU-2025:14990-1

Related

Published

2025-02-26T08:14:24Z

Modified

2025-07-18T17:44:16.560364Z

Summary

[none]

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

References

Affected packages

Debian:11 / golang-golang-x-oauth2

Package

Name: golang-golang-x-oauth2
Purl: pkg:deb/debian/golang-golang-x-oauth2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20190604.0f29369-2

0.0~git20210819.2bc19b1-1

0.0~git20211104.d3ed0bb-1~bpo11+1

0.0~git20211104.d3ed0bb-1

0.0~git20221006.b44042a-1

0.1.0-1

0.3.0-1~bpo11+1

0.3.0-1

0.4.0-1

0.13.0-1

0.15.0-1~bpo12+1

0.15.0-1

0.26.0-1

0.27.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-golang-x-oauth2

Package

Name: golang-golang-x-oauth2
Purl: pkg:deb/debian/golang-golang-x-oauth2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.3.0-1

0.4.0-1

0.13.0-1

0.15.0-1~bpo12+1

0.15.0-1

0.26.0-1

0.27.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-golang-x-oauth2

Package

Name: golang-golang-x-oauth2
Purl: pkg:deb/debian/golang-golang-x-oauth2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27.0-1

Affected versions

0.*

0.3.0-1

0.4.0-1

0.13.0-1

0.15.0-1~bpo12+1

0.15.0-1

0.26.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}