Skip to main content

Crypto CVE-2025-58181

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-11-19 security@golang.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:23 vuln.today
Patch released
Mar 28, 2026 - 19:23 nvd
Patch available
CVE Published
Nov 19, 2025 - 21:15 nvd
MEDIUM 5.3

DescriptionCVE.org

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

AnalysisAI

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Affected products include: Golang Crypto.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

More in Crypto

View all
CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2023-50981 HIGH POC
7.5 Dec 18

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop)

CVE-2023-50980 HIGH POC
7.5 Dec 18

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via

CVE-2023-50979 MEDIUM POC
5.9 Dec 18

Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. Rated medium

CVE-2021-40530 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cry

CVE-2019-14318 MEDIUM POC
5.9 Jul 30

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. Rated medium severity (CVSS 5.9

CVE-2019-11841 MEDIUM POC
5.9 May 22

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography librari

CVE-2021-43398 MEDIUM POC
5.3 Nov 04

Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). Rated medium severity (CVSS 5.3)

CVE-2016-9939 HIGH
7.5 Jan 30

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. Rated high severity (CV

CVE-2017-3204 HIGH
8.1 Apr 04

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Rated hi

CVE-2016-7544 HIGH
7.5 Jan 30

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. Rated high severity (CVSS 7.5), t

CVE-2016-3995 HIGH
7.5 Feb 13

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.119 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.86 Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.106 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.120 Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.16 Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.49 Affected

Share

CVE-2025-58181 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy