CVE-2025-58189

Опубликовано: 29 окт. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Ссылки

https://go.dev/cl/707776
Patch
https://go.dev/issue/75652
Issue Tracking
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
Mailing List
Release Notes
https://pkg.go.dev/vuln/GO-2025-4008
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/08/1
Mailing List
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.24.8 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.25.0 (включая) до 1.25.2 (исключая)

EPSS

Процентиль: 1%

0.00009

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

CVE-2025-58189

CVSS3: 5.3

ubuntu

5 месяцев назад

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

CVE-2025-58189

CVSS3: 5.3

redhat

5 месяцев назад

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

CVE-2025-58189

msrc

5 месяцев назад

ALPN negotiation error contains attacker controlled information in crypto/tls

CVE-2025-58189

CVSS3: 5.3

debian

5 месяцев назад

When Conn.Handshake fails during ALPN negotiation the error contains a ...

GHSA-cxq7-xw9v-rcv3

CVSS3: 5.3

github

5 месяцев назад

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

EPSS

Процентиль: 1%

0.00009

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-532