303 matches found
ROOT-APP-GOBINARY-CVE-2025-58181 CVE-2025-58181 in rootio-golang.org/x/crypto - Patched by Root
Root has patched CVE-2025-58181 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...
GHSA-RM3J-F69W-WQMQ golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...
GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...
GHSA-JPPX-RXG9-JMRX golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
Astra Linux – Vulnerability in mbedtls
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...
Astra Linux – Vulnerability in golang-go.crypto
The x/crypto/ssh package in version 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to cause a panic in an SSH server...
Astra Linux – Vulnerability in Golang-1.15
In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability
fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
Allocation of Resources Without Limits or Throttling
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively larg...
GO-2026-5020 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...