CVE-2025-58185 (HIGH): detected in Lambda Docker Images. #339

@the-lambda-watchdog

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-58185 | HIGH | stdlib | v1.24.6 | 1.24.8, 1.25.2 | 2025-10-29T23:16:19.45Z | 2025-10-30T10:18:18.11308275Z |

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:838693f555a26743ece11c97cef4d1bb6f90b37766c9844288881da7ef14fa02
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:838693f555a26743ece11c97cef4d1bb6f90b37766c9844288881da7ef14fa02
public.ecr.aws/lambda/provided:al2 public.ecr.aws/lambda/provided@sha256:5237e09330b1b06b9f5f7eb2cbd8bd8b091ac4a7e3a9f82d679bd2423e063b35
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:289bf644a66a9ddd12de0b5f8b690ed82d125384653e0f1857f9de4c74f7a0f1
public.ecr.aws/lambda/python:3.14-preview public.ecr.aws/lambda/python@sha256:75413a55af1b3213170328c01d102f81ddbb9d8d1308132656b15a61c12925c4
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:289bf644a66a9ddd12de0b5f8b690ed82d125384653e0f1857f9de4c74f7a0f1
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:029b39e9e42a3859a33f83bb246c7b1a96d3e9b80b929f1cdab66ff594a73cd8
public.ecr.aws/lambda/python:3.11 public.ecr.aws/lambda/python@sha256:660e15adffd02bf04869c93f50133ee304dcdf0a798d6da33807eb47deba17df
public.ecr.aws/lambda/python:3.10 public.ecr.aws/lambda/python@sha256:b161d43bb50c8c2f89699c19eaf537958440ddda7188816dce178cf80fa7bd6d
public.ecr.aws/lambda/python:3.9 public.ecr.aws/lambda/python@sha256:1c76b5301c1f0f6f763c9fa6f72f1df2c8ca2d1de0ef0548327caa84c983fb60
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:3289a8e9f108906b9267cc91e79c4c6f1533428d2776c8eb30b7a6cd88a180cc
public.ecr.aws/lambda/nodejs:24-preview public.ecr.aws/lambda/nodejs@sha256:34d6232bd56a0d825270a15ff047b19d7348c12deaaf7feae18fabda1ba4760e
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:3289a8e9f108906b9267cc91e79c4c6f1533428d2776c8eb30b7a6cd88a180cc
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:4a0564393dd4b27ea2a1eee7cf68908032a9d26c555011f1480066575e1fede6
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:82e431a1fbde3f4780fbf8a645c61fcce0c2e4dc1a111e1a65de00435131c600
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:82e431a1fbde3f4780fbf8a645c61fcce0c2e4dc1a111e1a65de00435131c600
public.ecr.aws/lambda/java:17 public.ecr.aws/lambda/java@sha256:c8998493b79255825228ef5cbc2938e89a57776252e8483a1018d1a0ab99aa1d
public.ecr.aws/lambda/java:11 public.ecr.aws/lambda/java@sha256:1ec01e5a90fe75d8240d87a6241a97dc7221971251c7622338d24b275be8f354
public.ecr.aws/lambda/java:8.al2 public.ecr.aws/lambda/java@sha256:cf3461a5267173c946e586c9a35803350a8ca79339aa42748ba9ea98b9994837
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:bd29f972eedf0eb29519be8498e8b65148b0b2571a1a5df4c1ee5c8ff0f58071
public.ecr.aws/lambda/dotnet:10-preview public.ecr.aws/lambda/dotnet@sha256:2042c2b06b438f074b3a9568a9bdff5da41d6276053328facfe3a0608948f4ec
public.ecr.aws/lambda/dotnet:9 public.ecr.aws/lambda/dotnet@sha256:bd29f972eedf0eb29519be8498e8b65148b0b2571a1a5df4c1ee5c8ff0f58071
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:aadff4d102cc300fa523f95834e96d5cd36b43208bc88737cd1c2f06331e65bc
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:5073e5429f39b962cc128e4c8751b4edf8bd20c48e1a9a27874d2972cc92590b
public.ecr.aws/lambda/ruby:3.4 public.ecr.aws/lambda/ruby@sha256:5073e5429f39b962cc128e4c8751b4edf8bd20c48e1a9a27874d2972cc92590b
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:e25097da1c4684057d0707b1ba78257fc0bb3f7023b5f8b28d7ba0cdeaaeefe5
public.ecr.aws/lambda/ruby:3.2 public.ecr.aws/lambda/ruby@sha256:d104d2ae7e1290e618324120c885b43941a9704187e6cf2155e583ecf13b429c

Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.


Remediation Steps

  • Update the affected package stdlib from version v1.24.6 to 1.24.8 or 1.25.2.

About this issue

  • This issue may not contain all the information about the CVE or the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
