Ignore GO-2025-4013

author: Markus Pettersson <markus.pettersson@mullvad.net> 2025-10-30 09:59:33 +0100
committer: Markus Pettersson <markus.pettersson@mullvad.net> 2025-10-30 15:07:31 +0100
commit: 0cb9e6f90867f15a2e628fc3737849efe7bf6ed2 (patch)
tree: e2fb6b27ce0b736a877d6f95b6cf0bb55dd7370c
parent: 43103684b3f58a8dd1962d84d900c271130419f8 (diff)
download: mullvadvpn-0cb9e6f90867f15a2e628fc3737849efe7bf6ed2.tar.xz
mullvadvpn-0cb9e6f90867f15a2e628fc3737849efe7bf6ed2.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/wireguard-go-rs/libwg/osv-scanner.toml b/wireguard-go-rs/libwg/osv-scanner.toml
index b91ed33854..dfc9ede9bc 100644
--- a/wireguard-go-rs/libwg/osv-scanner.toml
+++ b/wireguard-go-rs/libwg/osv-scanner.toml
@@ -143,3 +143,10 @@ reason = "wireguard-go does not use encoding/asn1"
 id = "CVE-2025-58186" # GO-2025-4012
 ignoreUntil = 2026-10-30
 reason = "wireguard-go does not use net/http"
+
+# Panic when validating certificates with DSA public keys (crypto/x509)
+# This affects programs which validate arbitrary certificate chains
+[[IgnoredVulns]]
+id = "CVE-2025-58188" # GO-2025-4013
+ignoreUntil = 2026-10-30
+reason = "'This affects programs which validate arbitrary certificate chains.' wireguard-go does not do that"
author	Markus Pettersson <markus.pettersson@mullvad.net>	2025-10-30 09:59:33 +0100
committer	Markus Pettersson <markus.pettersson@mullvad.net>	2025-10-30 15:07:31 +0100
commit	0cb9e6f90867f15a2e628fc3737849efe7bf6ed2 (patch)
tree	e2fb6b27ce0b736a877d6f95b6cf0bb55dd7370c
parent	43103684b3f58a8dd1962d84d900c271130419f8 (diff)
download	mullvadvpn-0cb9e6f90867f15a2e628fc3737849efe7bf6ed2.tar.xz mullvadvpn-0cb9e6f90867f15a2e628fc3737849efe7bf6ed2.zip