encoding/pem: quadratic complexity when parsing some invalid inputs (CVE-2025-61723)

[neild]

Due to the design of the PEM parsing function, the processing time for some
inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-61723 and Go issue https://go.dev/issue/75676.

---

This is a PRIVATE issue for CVE-2025-61723, tracked in http://b/442561478 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/2921.

/cc @golang/security and @golang/release

[neild]

@gopherbot please open backport issues for this security fix

[gopherbot]

Backport issue(s) opened: #75708 (for 1.24), #75709 (for 1.25).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/709842 mentions this issue: [release-branch.go1.24] encoding/pem: make Decode complexity linear

[gopherbot]

Change https://go.dev/cl/709851 mentions this issue: [release-branch.go1.25] encoding/pem: make Decode complexity linear

[gopherbot]

Change https://go.dev/cl/709858 mentions this issue: encoding/pem: make Decode complexity linear