Microsoft Go-Crypto-Winnative vulnerabilities

1 known vulnerability affecting microsoft/go-crypto-winnative.

Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1

Vulnerabilities

Page 1 of 1
CVE-2025-25199HIGHCVSS 7.5fixed in 1.23.6-2fixed in 1.22.12-2+1 more2025-02-12
CVE-2025-25199 [HIGH] CWE-401 CVE-2025-25199: go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Pri go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in ve
nvd