crypto/x509: quadratic complexity when checking name constraints (CVE-2025-58187) #75681

@neild

Description

Due to the design of the name constraint checking algorithm, the processing time
of some inputs scales non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58187 and Go issue https://go.dev/issue/75681.


This is a PRIVATE issue for CVE-2025-58187, tracked in http://b/443719585 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/2820.

/cc @golang/security and @golang/release
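For a service that validates arbitrary certificate chains, one mitigation alongside upgrading Go is to bound the work before verification. The guard below is an added example, not part of the issue or of Go's crypto/x509. It uses a simplified cost model: each certificate's constraints are compared against every name in the certificates below it. The function names and the `maxComparisons` budget are assumptions.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
)

// maxComparisons is an assumed budget, not a value from the Go project.
const maxComparisons = 10000

// nameCount returns how many names in c are subject to name constraints.
func nameCount(c *x509.Certificate) int {
	return len(c.DNSNames) + len(c.EmailAddresses) + len(c.IPAddresses) + len(c.URIs)
}

// constraintCount returns how many permitted/excluded subtrees c declares.
func constraintCount(c *x509.Certificate) int {
	return len(c.PermittedDNSDomains) + len(c.ExcludedDNSDomains) +
		len(c.PermittedEmailAddresses) + len(c.ExcludedEmailAddresses) +
		len(c.PermittedIPRanges) + len(c.ExcludedIPRanges) +
		len(c.PermittedURIDomains) + len(c.ExcludedURIDomains)
}

// ComparisonBound estimates worst-case name-vs-constraint comparisons for a
// chain ordered leaf first (simplified model, not Go's actual algorithm).
func ComparisonBound(chain []*x509.Certificate) int {
	total, namesBelow := 0, 0
	for _, c := range chain {
		total += namesBelow * constraintCount(c)
		namesBelow += nameCount(c)
	}
	return total
}

// CheckBudget rejects a chain before verification if the bound is too high.
func CheckBudget(chain []*x509.Certificate) error {
	if n := ComparisonBound(chain); n > maxComparisons {
		return fmt.Errorf("chain may need %d name constraint comparisons (limit %d)", n, maxComparisons)
	}
	return nil
}

func main() {
	// Constructed sample: a leaf with 2 names under a CA with 3 constraints.
	leaf := &x509.Certificate{DNSNames: []string{"a.example.com"}, IPAddresses: []net.IP{net.IPv4(192, 0, 2, 1)}}
	ca := &x509.Certificate{PermittedDNSDomains: []string{"example.com"}, ExcludedDNSDomains: []string{"x.example.com", "y.example.com"}}
	fmt.Println(ComparisonBound([]*x509.Certificate{leaf, ca}), CheckBudget([]*x509.Certificate{leaf, ca}))
}
```

Call `CheckBudget` on the parsed peer chain before passing it to verification, and tune the budget to the largest legitimate chain the service expects.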

Metadata

Assignees

No one assigned

    Labels

    NeedsFix (The path to resolution is known, but the work has not been done.), Security, release-blocker
