CVE-2025-58181

Опубликовано: 19 нояб. 2025

Источник: debian

Описание

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-go.crypto	fixed	1:0.45.0-1		package
golang-go.crypto	no-dsa		trixie	package
golang-go.crypto	no-dsa		bookworm	package
golang-go.crypto	postponed		bullseye	package

Примечания

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1
https://github.com/golang/go/issues/76363
Fixed by: https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c (v0.45.0)

Связанные уязвимости

CVE-2025-58181

CVSS3: 5.3

ubuntu

4 месяца назад

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-58181

CVSS3: 5.3

redhat

4 месяца назад

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-58181

CVSS3: 5.3

nvd

4 месяца назад

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

openSUSE-SU-2026:20249-1

suse-cvrf

около 1 месяца назад

Security update for docker

SUSE-SU-2026:0772-1

suse-cvrf

24 дня назад

Security update for docker