CVE-2025-58189

5.3 MEDIUM
Published: October 29, 2025 Modified: January 29, 2026
View on NVD

Description

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://go.dev/cl/707776
Source: security@golang.org
Patch
https://go.dev/issue/75652
Source: security@golang.org
Issue Tracking
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
Source: security@golang.org
Mailing List Release Notes
https://pkg.go.dev/vuln/GO-2025-4008
Source: security@golang.org
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/08/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Release Notes Third Party Advisory

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.0%
1th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-532

Affected Vendors

golang

Related CVEs

CVE-2026-4906 8.8
CVE-2026-33935 N/A
CVE-2026-33890 N/A
CVE-2026-33747 8.4
CVE-2026-33745 7.4