CVE-2025-58181

Summary

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Affected Software

VendorProductVersion RangeStatus
golang.org/x/cryptogolang.org/x/crypto/ssh0 < 0.45.0affected

Weaknesses

  • CWE-1284

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References