GHSA-hcg3-q754-cr77
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hcg3-q754-cr77
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-hcg3-q754-cr77/GHSA-hcg3-q754-cr77.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hcg3-q754-cr77
- Aliases
- Downstream
- Related
- Published
- 2025-04-12T00:30:26Z
- Modified
- 2025-04-14T16:11:58.203211Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange
- Details
-
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- Database specific
{ "nvd_published_at": "2025-02-26T08:14:24Z", "github_reviewed_at": "2025-04-14T15:38:58Z", "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-22869
- https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
- https://github.com/golang/crypto
- https://go-review.googlesource.com/c/crypto/+/652135
- https://go.dev/cl/652135
- https://go.dev/issue/71931
- https://pkg.go.dev/vuln/GO-2025-3487
- https://security.netapp.com/advisory/ntap-20250411-0010
Affected packages
Go / golang.org/x/crypto
Package
- Name
- golang.org/x/crypto
- View open source insights on deps.dev
- Purl
- pkg:golang/golang.org/x/crypto