Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oY2czLXE3NTQtY3I3N84ABGuf

High EPSS: 0.00127% (0.32932 Percentile) EPSS:
Permalink JSON

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

Affected Packages Affected Versions Fixed Versions
go:golang.org/x/crypto < 0.35.0 0.35.0
125,672 Dependent packages
269,003 Dependent repositories

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.34.0

All unaffected versions

0.35.0, 0.36.0, 0.37.0, 0.38.0, 0.39.0, 0.40.0

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

References:

Identifiers

GHSA-hcg3-q754-cr77

CVE-2025-22869

Risk

Severity

High

EPSS

EPSS Percentage: 0.00127

EPSS Percentile: 0.32932

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/golang/crypto

Date and time

Published

4 months ago

Updated

3 months ago

API

JSON