4 matches found
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CLSA-2026-1779152708 grafana: Fix of CVE-2026-32283
CVE-2026-32283: rebuild against golang = 1.25.7-1.el96.tuxcare.els5 to fix crypto/tls DoS where multiple post-handshake KeyUpdate messages in a single TLS 1.3 record deadlock the connection; setReadTrafficSecret reacquired the conn mutex via sendAlert...
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3...
CVE-2026-32283
CVE-2026-32283: In TLS 1.3, multiple KeyUpdate messages in a single record can cause a deadlock and DoS. Affected packages were fixed by updating Go to go1.25.9 or go1.26.2 in SUSE/openSUSE advisories (SUSE-SU-2026:1320-1 and 1321-1) and related Leap 16.0 patches. openSUSE advisories list CVE-202...