CVE-2025-58181

EUVD-2025-198228
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
golangcrypto
𝑥
< 0.45.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-go.crypto
bookworm
no-dsa
bullseye
postponed
forky
1:0.53.0-1
fixed
sid
1:0.53.0-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-go.crypto
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
google-guest-agent
bionic
Fixed 20241011.01-0ubuntu1~18.04.0+esm2
released
focal
Fixed 20250116.00-0ubuntu1~20.04.0+esm2
released
jammy
Fixed 20250116.00-0ubuntu1~22.04.2
released
noble
Fixed 20250116.00-0ubuntu1~24.04.3
released
plucky
Fixed 20250116.00-0ubuntu2.2
released
questing
Fixed 20250506.01-0ubuntu1.1
released
resolute
Fixed 20250506.01-0ubuntu2
released
xenial
Fixed 20240716.00-0ubuntu1~16.04.0+esm2
released
lxd
bionic
needs-triage
focal
not-affected
jammy
dne
noble
dne
plucky
dne
questing
dne
resolute
dne
xenial
needs-triage
snapd
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
containerized-data-importer-manifests
suse enterprise sap 15 SP7
1.64.0-150700.9.11.1
fixed
suse enterprise server 15 SP7
1.64.0-150700.9.11.1
fixed
cosign
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP4
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
cosign-bash-completion
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
cosign-zsh-completion
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
docker-buildx
suse enterprise desktop 15 SP7
0.33.0-150000.250.1
fixed
suse enterprise sap 15 SP7
0.33.0-150000.250.1
fixed
suse enterprise server 15 SP4
0.33.0-150000.250.1
fixed
suse enterprise server 15 SP5
0.33.0-150000.250.1
fixed
suse enterprise server 15 SP6
0.33.0-150000.250.1
fixed
suse enterprise server 15 SP7
0.33.0-150000.250.1
fixed
google-guest-agent
suse enterprise server 15 SP4
20260529.00-150000.1.70.1
fixed
kubevirt-manifests
suse enterprise sap 15 SP7
1.7.4-150700.3.24.2
fixed
suse enterprise server 15 SP7
1.7.4-150700.3.24.2
fixed
kubevirt-virtctl
suse enterprise sap 15 SP7
1.7.4-150700.3.24.2
fixed
suse enterprise server 15 SP7
1.7.4-150700.3.24.2
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-cloudwatch-agent
Amazon Linux 2
0:1.300062.1-1.amzn2
fixed
Amazon Linux 2023
0:1.300062.1-1.amzn2023
fixed
docker
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.1
fixed
docker-debuginfo
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.1
fixed
docker-debugsource
Amazon Linux 2023
0:25.0.14-1.amzn2023.0.1
fixed
nerdctl
Amazon Linux 2
0:2.2.1-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.2.1-1.amzn2023.0.1
fixed
nerdctl-debuginfo
Amazon Linux 2
0:2.2.1-1.amzn2.0.1
fixed
runfinch-finch
Amazon Linux 2023
0:1.10.0-1.amzn2023.0.6
fixed