Home

Description

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

PUBLISHED Reserved 2025-08-27 | Published 2025-11-19 | Updated 2025-11-20 | Assigner Go

Problem types

CWE-1284

Product status

Default status
unaffected

Any version before 0.45.0
affected

Credits

Jakub Ciolek

References

groups.google.com/g/golang-announce/c/w-oX3UxNcZA

go.dev/cl/721961

go.dev/issue/76363

pkg.go.dev/vuln/GO-2025-4134

cve.org (CVE-2025-58181)

nvd.nist.gov (CVE-2025-58181)

Download JSON