ThreatCluster

Memory Exhaustion Vulnerabilities in Net/HTTP and ASN.1 Encoding

First seen 18 Feb 2026, 12:23 UTC Api.Msrc.Microsoft 71% similarity 39

Article Content

Browse articles
ThreatCluster

Two vulnerabilities, CVE-2025-58185 and CVE-2025-58186, were published on October 29, 2025. CVE-2025-58185 affects the parsing of DER payloads in encoding/asn1, while CVE-2025-58186 involves a lack of limit when parsing cookies in net/http, both leading to potential memory exhaustion. Affected systems may experience performance issues due to these vulnerabilities.

ThreatCluster AI

Timeline

2025-10-29
CVE-2025-58185 and CVE-2025-58186 published
2026-02-18
Articles published detailing the vulnerabilities

Community

Browse all →