1 results (0.003 seconds)
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22868 – Unexpected memory consumption during token parsing in golang.org/x/oauth2
https://notcve.org/view.php?id=CVE-2025-22868
26 Feb 2025 — An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed ... • https://go.dev/cl/652155 • CWE-1286: Improper Validation of Syntactic Correctness of Input •