Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-61730

Опубликовано: 28 янв. 2026
Источник: debian
EPSS Низкий

Описание

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.25fixed1.25.6-1package
golang-1.24fixed1.24.12-1package
golang-1.24no-dsatrixiepackage
golang-1.19removedpackage
golang-1.19no-dsabookwormpackage
golang-1.15removedpackage
golang-1.15postponedbullseyepackage

Примечания

  • https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

  • https://github.com/golang/go/issues/76443

  • Fixed by: https://github.com/golang/go/commit/525dd853633f90d6038719d9a48cba3770ca71ea (go1.25.6)

  • Fixed by: https://github.com/golang/go/commit/ad2cd043db66cd36e1f55359638729d2c8ff3d99 (go1.24.12)

EPSS

Процентиль: 1%
0.00009
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-61730

CVSS3: 5.3
ubuntu
2 месяца назад

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

nvd логотип

CVE-2025-61730

CVSS3: 5.3
nvd
2 месяца назад

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

github логотип

GHSA-gr56-3gp6-6gmj

CVSS3: 6.2
github
2 месяца назад

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

fstec логотип

BDU:2026-03603

CVSS3: 5.3
fstec
2 месяца назад

Уязвимость языка программирования Golang, связанная с недостатками контроля доступа, позволяющая нарушителю повысить свои привилегии

redos логотип

ROS-20260209-73-0045

CVSS3: 5.3
redos
около 2 месяцев назад

Уязвимость golang

EPSS

Процентиль: 1%
0.00009
Низкий