Skip to content

CVE-2025-22869 #69

New issue
New issue
Open
Open
CVE-2025-22869#69
Labels
bugSomething isn't workingdependenciesPull requests that update a dependency filegoPull requests that update Go code
@TechSolomon

Description

@TechSolomon
TechSolomon
opened on Feb 24, 2025

We have tagged version v0.35.0 of golang.org/x/crypto in order to address a security issue.

Version v0.35.0 of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which could cause a denial of service.

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingdependenciesPull requests that update a dependency filegoPull requests that update Go code

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions