DEBIAN-CVE-2025-61730

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-61730

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-61730

Upstream

CVE-2025-61730

Published

2026-01-28T20:16:09.940Z

Modified

2026-02-12T16:18:56.992720Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

References

https://security-tracker.debian.org/tracker/CVE-2025-61730

Affected packages

Debian:11 / golang-1.15

Package

Name: golang-1.15
Purl: pkg:deb/debian/golang-1.15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.9-6

1.15.15-1~deb11u1

1.15.15-1~deb11u2

1.15.15-1~deb11u3

1.15.15-1~deb11u4

1.15.15-1

1.15.15-2

1.15.15-3

1.15.15-4

1.15.15-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json"

Debian:12 / golang-1.19

Package

Name: golang-1.19
Purl: pkg:deb/debian/golang-1.19?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.19.8-2

1.19.9-1

1.19.10-1

1.19.10-2

1.19.11-1

1.19.12-1

1.19.12-2~bpo11+1

1.19.12-2~bpo12+1

1.19.12-2

1.19.13-1~bpo11+1

1.19.13-1~bpo12+1

1.19.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json"

Debian:13 / golang-1.24

Package

Name: golang-1.24
Purl: pkg:deb/debian/golang-1.24?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.24.4-1

1.24.4-2

1.24.4-3

1.24.4-4

1.24.7-1

1.24.8-1

1.24.9-1

1.24.12-1

1.24.13-1

1.24.13-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json"

Debian:14 / golang-1.24

Package

Name: golang-1.24
Purl: pkg:deb/debian/golang-1.24?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.12-1

Affected versions

1.*

1.24.4-1

1.24.4-2

1.24.4-3

1.24.4-4

1.24.7-1

1.24.8-1

1.24.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json"

Debian:14 / golang-1.25

Package

Name: golang-1.25
Purl: pkg:deb/debian/golang-1.25?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.6-1

Affected versions

1.*

1.25.0-1

1.25.0-2

1.25.1-1

1.25.2-1

1.25.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61730.json"