CVE-2025-58189

EUVD-2025-36737
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CISA-ADP | ADP | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

EPSS Score (percentile): 2%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| golang | go | 𝑥 < 1.24.8 |
| golang | go | 1.25.0 ≤ 𝑥 < 1.25.2 |

𝑥 = Vulnerable software versions

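Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| golang-1.15 | bookworm | | no-dsa |
| golang-1.15 | bullseye | | vulnerable |
| golang-1.15 | trixie | | no-dsa |
| golang-1.19 | bookworm | | vulnerable |
| golang-1.19 | bullseye | | postponed |
| golang-1.19 | trixie | | no-dsa |
| golang-1.24 | bookworm | | no-dsa |
| golang-1.24 | bullseye | | postponed |
| golang-1.24 | forky | 1.24.13-2 | fixed |
| golang-1.24 | sid | 1.24.13-2 | fixed |
| golang-1.24 | trixie | | no-dsa |
| golang-1.25 | bookworm | | no-dsa |
| golang-1.25 | bullseye | | postponed |
| golang-1.25 | forky | 1.25.7-2 | fixed |
| golang-1.25 | sid | 1.25.7-2 | fixed |
| golang-1.25 | trixie | | no-dsa |
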
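Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| golang | jammy | dne |
| golang | noble | dne |
| golang | plucky | dne |
| golang | questing | dne |
| golang-1.6 | jammy | dne |
| golang-1.6 | noble | dne |
| golang-1.6 | plucky | dne |
| golang-1.6 | questing | dne |
| golang-1.6 | xenial | needs-triage |
| golang-1.8 | bionic | needs-triage |
| golang-1.8 | jammy | dne |
| golang-1.8 | noble | dne |
| golang-1.8 | plucky | dne |
| golang-1.8 | questing | dne |
| golang-1.9 | bionic | needs-triage |
| golang-1.9 | jammy | dne |
| golang-1.9 | noble | dne |
| golang-1.9 | plucky | dne |
| golang-1.9 | questing | dne |
| golang-1.10 | bionic | needs-triage |
| golang-1.10 | jammy | dne |
| golang-1.10 | noble | dne |
| golang-1.10 | plucky | dne |
| golang-1.10 | questing | dne |
| golang-1.10 | trusty | needs-triage |
| golang-1.10 | xenial | needs-triage |
| golang-1.13 | bionic | needs-triage |
| golang-1.13 | focal | needs-triage |
| golang-1.13 | jammy | needs-triage |
| golang-1.13 | noble | dne |
| golang-1.13 | plucky | dne |
| golang-1.13 | questing | dne |
| golang-1.13 | xenial | needs-triage |
| golang-1.14 | focal | needs-triage |
| golang-1.14 | jammy | dne |
| golang-1.14 | noble | dne |
| golang-1.14 | plucky | dne |
| golang-1.14 | questing | dne |
| golang-1.16 | bionic | needs-triage |
| golang-1.16 | focal | needs-triage |
| golang-1.16 | jammy | dne |
| golang-1.16 | noble | dne |
| golang-1.16 | plucky | dne |
| golang-1.16 | questing | dne |
| golang-1.17 | jammy | needs-triage |
| golang-1.17 | noble | dne |
| golang-1.17 | plucky | dne |
| golang-1.17 | questing | dne |
| golang-1.18 | bionic | needs-triage |
| golang-1.18 | focal | needs-triage |
| golang-1.18 | jammy | needs-triage |
| golang-1.18 | noble | dne |
| golang-1.18 | plucky | dne |
| golang-1.18 | questing | dne |
| golang-1.18 | xenial | needs-triage |
| golang-1.20 | focal | needs-triage |
| golang-1.20 | jammy | needs-triage |
| golang-1.20 | noble | dne |
| golang-1.20 | plucky | dne |
| golang-1.20 | questing | dne |
| golang-1.21 | focal | needs-triage |
| golang-1.21 | jammy | needs-triage |
| golang-1.21 | noble | needs-triage |
| golang-1.21 | plucky | dne |
| golang-1.21 | questing | dne |
| golang-1.22 | focal | needs-triage |
| golang-1.22 | jammy | needs-triage |
| golang-1.22 | noble | needs-triage |
| golang-1.22 | plucky | dne |
| golang-1.22 | questing | dne |
| golang-1.23 | jammy | needs-triage |
| golang-1.23 | noble | needs-triage |
| golang-1.23 | plucky | ignored |
| golang-1.23 | questing | needs-triage |
| golang-1.24 | jammy | dne |
| golang-1.24 | noble | dne |
| golang-1.24 | plucky | ignored |
| golang-1.24 | questing | needs-triage |
| golang-1.25 | jammy | dne |
| golang-1.25 | noble | dne |
| golang-1.25 | plucky | dne |
| golang-1.25 | questing | needs-triage |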