CVE-2025-61730

Name
CVE-2025-61730
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@golang.org https://go.dev/cl/724120
security@golang.org https://go.dev/issue/76443
security@golang.org https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
security@golang.org https://pkg.go.dev/vuln/GO-2026-4340

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= None < 1.24.12
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= 1.25.0 < 1.25.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
go edge-community 1.25.6-r0 Achill Gilgenast <achill@achill.org> fixed
go edge-community 1.25.5-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.4-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.3-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.2-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.1-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.25.0-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.24.6-r1 Achill Gilgenast <achill@achill.org> possibly vulnerable
go edge-community 1.24.6-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.5-r1 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.5-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.4-r0 fossdd <fossdd@pwned.life> possibly vulnerable
go edge-community 1.24.3-r1 None possibly vulnerable
go edge-community 1.24.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.1-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.24.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.23.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.4-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.4-r0 None possibly vulnerable
go edge-community 1.22.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.0-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.22.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.3-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.21.0-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.7-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.20-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.19.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.18.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
go edge-community 1.18.4-r0 None possibly vulnerable
go edge-community 1.18.1-r0 None possibly vulnerable
go edge-community 1.17.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.7-r0 None possibly vulnerable
go edge-community 1.17.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.17-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
go edge-community 1.16.2-r0 None possibly vulnerable
go edge-community 1.15.7-r0 None possibly vulnerable
go edge-community 1.15.5-r0 None possibly vulnerable
go edge-community 1.15.2-r0 None possibly vulnerable
go edge-community 1.15-r0 None possibly vulnerable
go edge-community 1.14.5-r0 None possibly vulnerable
go edge-community 1.13.7-r0 None possibly vulnerable
go edge-community 1.13.2-r0 None possibly vulnerable
go edge-community 1.13.1-r0 None possibly vulnerable
go edge-community 1.12.8-r0 None possibly vulnerable
go edge-community 1.11.5-r0 None possibly vulnerable
go edge-community 1.9.4-r0 None possibly vulnerable
go 3.23-community 1.25.6-r0 Achill Gilgenast <achill@achill.org> fixed
go 3.23-community 1.25.5-r0 Achill Gilgenast <achill@achill.org> possibly vulnerable