Skip to main content

EUVDEUVD-2026-25374

| CVE-2026-32952 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-04-23 https://github.com/Azure/go-ntlmssp GHSA-pjcq-xvwq-hhpj
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Patch released
Apr 24, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Apr 23, 2026 - 21:45 euvd
EUVD-2026-25374
CVE Published
Apr 23, 2026 - 21:21 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.

Analysis

A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2026-25374 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy