GO-2025-3487
- Source
- https://pkg.go.dev/vuln/GO-2025-3487
- Import Source
- https://vuln.go.dev/ID/GO-2025-3487.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2025-3487
- Aliases
- Related
- Published
- 2025-02-26T02:51:51Z
- Modified
- 2025-04-14T15:56:59.582884Z
- Summary
- Potential denial of service in golang.org/x/crypto
- Details
-
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2025-3487", "review_status": "REVIEWED" }- References
- Credits
-
-
- Yuichi Watanabe
-
Affected packages
Go / golang.org/x/crypto
Package
- Name
- golang.org/x/crypto
- View open source insights on deps.dev
- Purl
- pkg:golang/golang.org/x/crypto
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.35.0
Ecosystem specific
{
"imports": [
{
"path": "golang.org/x/crypto/ssh",
"symbols": [
"Client.Dial",
"Client.DialContext",
"Client.DialTCP",
"Client.Listen",
"Client.ListenTCP",
"Client.ListenUnix",
"Client.NewSession",
"Dial",
"DiscardRequests",
"NewClient",
"NewClientConn",
"NewServerConn",
"Request.Reply",
"Session.Close",
"Session.CombinedOutput",
"Session.Output",
"Session.RequestPty",
"Session.RequestSubsystem",
"Session.Run",
"Session.SendRequest",
"Session.Setenv",
"Session.Shell",
"Session.Signal",
"Session.Start",
"Session.WindowChange",
"channel.Accept",
"channel.Close",
"channel.CloseWrite",
"channel.Read",
"channel.ReadExtended",
"channel.Reject",
"channel.SendRequest",
"channel.Write",
"channel.WriteExtended",
"connection.SendAuthBanner",
"curve25519sha256.Client",
"curve25519sha256.Server",
"dhGEXSHA.Client",
"dhGEXSHA.Server",
"dhGroup.Client",
"dhGroup.Server",
"ecdh.Client",
"ecdh.Server",
"extChannel.Read",
"extChannel.Write",
"handshakeTransport.kexLoop",
"handshakeTransport.recordWriteError",
"handshakeTransport.writePacket",
"mux.OpenChannel",
"mux.SendRequest",
"newHandshakeTransport",
"sessionStdin.Close",
"sshClientKeyboardInteractive.Challenge",
"tcpListener.Accept",
"tcpListener.Close",
"unixListener.Accept",
"unixListener.Close"
]
}
]
}