5.3

CVE-2025-61730

Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GolangGo Version < 1.24.12
GolangGo Version >= 1.25.0 < 1.25.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.191
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
Release Notes
https://go.dev/cl/724120
Patch
https://go.dev/issue/76443
Patch
https://pkg.go.dev/vuln/GO-2026-4340
Vendor Advisory