Go Standard Library crypto/tls vulnerabilities
10 known vulnerabilities affecting go_standard_library/crypto_tls.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0

Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2026-32283 | HIGH | CVSS 7.5 | fixed in 1.25.9 | affected ≥ 1.26.0-0, < 1.26.2 | 2026-04-08
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
Sources: cvelistv5, nvd
CVE-2025-68121 | CRITICAL | CVSS 10.0 | CWE-295 | fixed in 1.24.13 | affected ≥ 1.25.0-0, < 1.25.7 (+1 more) | 2026-02-05
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This
Sources: cvelistv5, nvd
CVE-2025-61730 | MEDIUM | CVSS 5.3 | fixed in 1.24.12 | affected ≥ 1.25.0, < 1.25.6 | 2026-01-28
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during th
Sources: cvelistv5, nvd
CVE-2025-58189 | MEDIUM | CVSS 5.3 | CWE-532 | fixed in 1.24.8 | affected ≥ 1.25.0, < 1.25.2 | 2025-10-29
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.
Sources: cvelistv5, nvd
CVE-2023-45287 | HIGH | CVSS 7.5 | CWE-203 | fixed in 1.20.0 | 2023-12-05
Before Go 1.20, the RSA-based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session ke
Sources: cvelistv5, nvd
CVE-2023-39321 | HIGH | CVSS 7.5 | CWE-400 | affected ≥ 1.21.0-0, < 1.21.1 | 2023-09-08
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
Sources: cvelistv5, nvd
CVE-2023-39322 | HIGH | CVSS 7.5 | CWE-770 | affected ≥ 1.21.0-0, < 1.21.1 | 2023-09-08
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
Sources: cvelistv5, nvd
CVE-2023-29409 | MEDIUM | CVSS 5.3 | CWE-400 | fixed in 1.19.12 | affected ≥ 1.20.0-0, < 1.20.7 (+1 more) | 2023-08-02
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this
Sources: cvelistv5, nvd
CVE-2022-41724 | HIGH | CVSS 7.5 | CWE-400 | fixed in 1.19.6 | affected ≥ 1.20.0-0, < 1.20.1 | 2023-02-28
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-
Sources: cvelistv5, nvd
CVE-2022-30629 | LOW | CVSS 3.1 | CWE-330 | fixed in 1.17.11 | affected ≥ 1.18.0-0, < 1.18.3 | 2022-08-10
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Sources: cvelistv5, nvd