GHSA-pjcq-xvwq-hhpj

Suggest an improvement

Source

https://github.com/advisories/GHSA-pjcq-xvwq-hhpj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-pjcq-xvwq-hhpj/GHSA-pjcq-xvwq-hhpj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pjcq-xvwq-hhpj

Aliases

CVE-2026-32952

Downstream

MINI-29jg-6xf5-vh84

MINI-32f8-w2f3-4w7p

MINI-32wv-8f3r-4c73

MINI-39v9-jcf7-wxgj

MINI-3q26-226w-33cc

MINI-3rgm-78wp-jvr6

MINI-3v97-5v8f-4rmm

MINI-44gg-j6wm-g57v

MINI-5f5r-84px-947x

MINI-5jqr-686j-f66m

MINI-6224-2m67-wfpc

MINI-62xw-3pxh-87qp

MINI-662w-8vv5-jhv9

MINI-66f3-qgxg-qgp7

MINI-6f29-jv5w-fjm5

MINI-6fv7-4hcc-pwfm

MINI-6pp6-55mx-47f6

MINI-6rp8-5fqp-g6mq

MINI-6rwv-cfv3-38xh

MINI-6v8p-7xvh-c4x3

MINI-8rh7-66q6-c48j

MINI-8v8v-qw7j-ggg2

MINI-95wx-mq3v-f969

MINI-974m-3rh6-wr55

MINI-996f-gmhf-6w62

MINI-997m-xm59-4hp2

MINI-c3hq-m2fx-gx32

MINI-cmxh-72x2-9hgq

MINI-crcr-c839-7r37

MINI-cvx9-2pvm-5v9h

MINI-f2cr-x74x-p837

MINI-f36x-rv8q-4gw2

MINI-f49v-2pgf-7vj9

MINI-fxrf-66v6-2654

MINI-g4p7-hcj8-g7vp

MINI-g86f-37xx-4vqf

MINI-gr6c-235w-4rq6

MINI-gr78-9886-7mj3

MINI-h7cg-5p9c-46f7

MINI-h94r-w9vj-qj59

MINI-hfq3-45cj-c33f

MINI-hp4v-wvvf-cgr6

MINI-hr9m-4prq-p8f3

MINI-j432-99vg-prg9

MINI-j993-g3rw-r23h

MINI-j9f2-r8gx-rg65

MINI-jgx3-4x2f-xmjp

MINI-jh98-7869-9q27

MINI-jv2r-j6qw-9qhc

MINI-m27r-746h-7vp2

MINI-m9xq-h2c3-3m9f

MINI-mh52-qwrr-4ffx

MINI-p3vc-pgpr-cgq7

MINI-p6hr-vrmv-7j6j

MINI-p7cp-vcrp-m2f2

MINI-p9vr-r3rv-3v5j

MINI-pghr-jgv5-4mwp

MINI-qcq6-24vv-3x7w

MINI-qfgp-pwwc-6hfj

MINI-qg7w-r7c7-q8jx

MINI-qwpp-6cf2-8vp5

MINI-qxfj-83f6-6hhw

MINI-r4vh-crph-wm4v

MINI-r6rw-pjch-qhmg

MINI-rp6x-xj7v-2982

MINI-v2m5-qwwj-qj3q

MINI-v9hc-qm2p-xg5q

MINI-vg74-rhq2-vr3p

MINI-wcrj-fxm3-8c9f

MINI-wg26-qm3m-46jf

MINI-wq86-xpc3-rww2

MINI-wq8f-4fgh-7xxr

MINI-wrff-r5jr-rfjw

MINI-x9fp-5ghp-cgvr

MINI-x9m3-q7f3-4cqj

MINI-xcjw-4cv9-8hpr

Related

CGA-v428-8cc9-79f8

Published

2026-04-23T21:21:58Z

Modified

2026-05-05T16:09:27.394899Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

go-ntlmssp NTLM challenges can panic on malformed payloads

Details

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.

Database specific

{
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-23T21:21:58Z",
    "nvd_published_at": "2026-04-24T03:16:07Z"
}

References

Affected packages

Go / github.com/Azure/go-ntlmssp

Package

Name: github.com/Azure/go-ntlmssp; View open source insights on deps.dev
Purl: pkg:golang/github.com/Azure/go-ntlmssp

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-pjcq-xvwq-hhpj/GHSA-pjcq-xvwq-hhpj.json"