DEBIAN-CVE-2026-32952

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-32952

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-32952.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-32952

Upstream

CVE-2026-32952

Published

2026-04-24T03:16:07.833Z

Modified

2026-04-28T20:32:45.722696Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.

References

https://security-tracker.debian.org/tracker/CVE-2026-32952

Affected packages

Debian:11

golang-github-azure-go-ntlmssp

Package

Name: golang-github-azure-go-ntlmssp
Purl: pkg:deb/debian/golang-github-azure-go-ntlmssp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20200615.6637195-1

0.0~git20220621.cb9428e-1

0.0~git20221128.754e69321358-1

0.0~git20221128.754e69321358-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-32952.json"

Debian:12

golang-github-azure-go-ntlmssp

Package

Name: golang-github-azure-go-ntlmssp
Purl: pkg:deb/debian/golang-github-azure-go-ntlmssp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20220621.cb9428e-1

0.0~git20221128.754e69321358-1

0.0~git20221128.754e69321358-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-32952.json"

Debian:13

golang-github-azure-go-ntlmssp

Package

Name: golang-github-azure-go-ntlmssp
Purl: pkg:deb/debian/golang-github-azure-go-ntlmssp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20220621.cb9428e-1

0.0~git20221128.754e69321358-1

0.0~git20221128.754e69321358-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-32952.json"

Debian:14

golang-github-azure-go-ntlmssp

Package

Name: golang-github-azure-go-ntlmssp
Purl: pkg:deb/debian/golang-github-azure-go-ntlmssp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20220621.cb9428e-1

0.0~git20221128.754e69321358-1

0.0~git20221128.754e69321358-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-32952.json"