PT-2025-42742 · Unknown+4 · Golang-1.19+5

Publicado

2025-01-01

·

Atualizado

2026-05-21

·

CVE-2025-58189

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nome do Software Vulnerável e Versões Afetadas Versões do Go anteriores a 1.24.9-alt1 Fedora 42 Fedora 43
Descrição O problema envolve uma falha no componente crypto/tls da linguagem de programação Go. Especificamente, quando o processo Conn.Handshake falha durante o ALPN (Negociação de Protocolo na Camada de Aplicação), a mensagem de erro resultante inclui dados controlados pelo atacante—os protocolos ALPN propostos pelo cliente—sem a devida sanitização. Isso pode levar à divulgação de informações. A vulnerabilidade também afeta o logging, pois a filtragem ou escape insuficientes de arquivos de log permitem que atacantes remotos potencialmente injetem ou manipulem registros de log. Vários relatos indicam que a vulnerabilidade afeta o Cloud SQL Proxy e é corrigida em atualizações para o Fedora.
Recomendações Atualize o Go para a versão 1.24.9-alt1 ou posterior. Atualize o kustomize para a versão 5.8.0. Reconstrua o k9s para mitigar o risco.

Correção

DoS

Insertion into Log File

Improper Neutralization

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532CWE-707CWE-74

Identificadores relacionados

ALT-PU-2025-12749
ALT-PU-2025-13232
AZL-78917
BDU:2025-14526
BIT-GOLANG-2025-58189
CLEANSTART-2025-EU07511
CLEANSTART-2026-AB43319
CLEANSTART-2026-AC12204
CLEANSTART-2026-AJ16639
CLEANSTART-2026-AJ76138
CLEANSTART-2026-AQ75465
CLEANSTART-2026-AT12816
CLEANSTART-2026-BD53293
CLEANSTART-2026-BH97849
CLEANSTART-2026-BJ28314
CLEANSTART-2026-BJ35875
CLEANSTART-2026-BM53321
CLEANSTART-2026-CB01846
CLEANSTART-2026-CE02533
CLEANSTART-2026-CT39828
CLEANSTART-2026-CV29689
CLEANSTART-2026-CY03855
CLEANSTART-2026-CY44461
CLEANSTART-2026-DH72490
CLEANSTART-2026-DP30290
CLEANSTART-2026-DR75226
CLEANSTART-2026-DS01292
CLEANSTART-2026-DZ05206
CLEANSTART-2026-EC15228
CLEANSTART-2026-EE52954
CLEANSTART-2026-EL98016
CLEANSTART-2026-ER42900
CLEANSTART-2026-ER93728
CLEANSTART-2026-FF20499
CLEANSTART-2026-FF98917
CLEANSTART-2026-FM65506
CLEANSTART-2026-FS64938
CLEANSTART-2026-FU47971
CLEANSTART-2026-GJ69402
CLEANSTART-2026-GL70025
CLEANSTART-2026-GQ00159
CLEANSTART-2026-GQ03231
CLEANSTART-2026-GS02052
CLEANSTART-2026-GV62494
CLEANSTART-2026-GZ35045
CLEANSTART-2026-HA44046
CLEANSTART-2026-HW19594
CLEANSTART-2026-HX78047
CLEANSTART-2026-HY43775
CLEANSTART-2026-ID24148
CLEANSTART-2026-IG94553
CLEANSTART-2026-IO04548
CLEANSTART-2026-JD75482
CLEANSTART-2026-JJ09127
CLEANSTART-2026-JK84667
CLEANSTART-2026-JO01099
CLEANSTART-2026-JR37040
CLEANSTART-2026-JR48309
CLEANSTART-2026-JT73156
CLEANSTART-2026-JU62670
CLEANSTART-2026-JW58725
CLEANSTART-2026-KC01126
CLEANSTART-2026-KU65968
CLEANSTART-2026-KV78041
CLEANSTART-2026-KZ60560
CLEANSTART-2026-KZ63902
CLEANSTART-2026-LA67881
CLEANSTART-2026-LO42921
CLEANSTART-2026-LS98939
CLEANSTART-2026-LU21824
CLEANSTART-2026-LY33846
CLEANSTART-2026-LZ54652
CLEANSTART-2026-MA32024
CLEANSTART-2026-MF20926
CLEANSTART-2026-MI26039
CLEANSTART-2026-MJ51212
CLEANSTART-2026-MJ60235
CLEANSTART-2026-MK39503
CLEANSTART-2026-ML42911
CLEANSTART-2026-MU17611
CLEANSTART-2026-MX70474
CLEANSTART-2026-ND18869
CLEANSTART-2026-NG75665
CLEANSTART-2026-NJ43712
CLEANSTART-2026-NP17404
CLEANSTART-2026-NP19113
CLEANSTART-2026-NS41924
CLEANSTART-2026-NT80635
CLEANSTART-2026-NV34418
CLEANSTART-2026-NV78596
CLEANSTART-2026-OA33370
CLEANSTART-2026-OL17158
CLEANSTART-2026-OL25917
CLEANSTART-2026-OL32822
CLEANSTART-2026-OL60454
CLEANSTART-2026-ON38469
CLEANSTART-2026-ON62368
CLEANSTART-2026-OO14630
CLEANSTART-2026-OT07577
CLEANSTART-2026-OX06978
CLEANSTART-2026-OX88144
CLEANSTART-2026-PC16040
CLEANSTART-2026-PF41398
CLEANSTART-2026-PG91940
CLEANSTART-2026-PK19530
CLEANSTART-2026-PM59896
CLEANSTART-2026-PN58989
CLEANSTART-2026-PV98664
CLEANSTART-2026-PW02676
CLEANSTART-2026-QB67682
CLEANSTART-2026-QC30410
CLEANSTART-2026-QF85840
CLEANSTART-2026-QK02462
CLEANSTART-2026-QO29688
CLEANSTART-2026-QU88766
CLEANSTART-2026-QZ16523
CLEANSTART-2026-RL45001
CLEANSTART-2026-RQ53330
CLEANSTART-2026-RU37859
CLEANSTART-2026-SB25660
CLEANSTART-2026-SM37781
CLEANSTART-2026-SW55801
CLEANSTART-2026-SY95837
CLEANSTART-2026-TA27786
CLEANSTART-2026-TF98824
CLEANSTART-2026-TH33219
CLEANSTART-2026-TK38210
CLEANSTART-2026-TM31143
CLEANSTART-2026-TS42581
CLEANSTART-2026-TT42218
CLEANSTART-2026-TX25294
CLEANSTART-2026-TY78539
CLEANSTART-2026-TZ10716
CLEANSTART-2026-UJ10620
CLEANSTART-2026-UO76615
CLEANSTART-2026-UR80185
CLEANSTART-2026-UU56048
CLEANSTART-2026-UY60586
CLEANSTART-2026-UY85485
CLEANSTART-2026-UZ79996
CLEANSTART-2026-VC16841
CLEANSTART-2026-VF66781
CLEANSTART-2026-VI85055
CLEANSTART-2026-VJ77782
CLEANSTART-2026-VP44686
CLEANSTART-2026-VS64679
CLEANSTART-2026-VU08393
CLEANSTART-2026-VV68546
CLEANSTART-2026-VY87942
CLEANSTART-2026-VZ85637
CLEANSTART-2026-WP10148
CLEANSTART-2026-WQ07901
CLEANSTART-2026-XR85161
CLEANSTART-2026-YC48827
CLEANSTART-2026-YL27116
CLEANSTART-2026-YQ79300
CLEANSTART-2026-YW12690
CLEANSTART-2026-ZG64300
CLEANSTART-2026-ZM84646
CVE-2025-58189
ECHO-6E83-4DCA-520D
GO-2025-4008
MGASA-2025-0256
OESA-2025-2648
OESA-2025-2649
OPENSUSE-SU-2025:15608-1
OPENSUSE-SU-2025:15609-1
OPENSUSE-SU-2025:15695-1
OPENSUSE-SU-2025:15723-1
OPENSUSE-SU-2025:20157-1
OPENSUSE-SU-2025:20158-1
OPENSUSE-SU-2026:20301-1
OPENSUSE-SU-2026:20308-1
RHSA-2026:7291
RHSA-2026:7385
SUSE-SU-2025:03547-1
SUSE-SU-2025:21192-1
SUSE-SU-2025:21193-1
SUSE-SU-2025:3682-1
SUSE-SU-2026:0296-1
SUSE-SU-2026:0297-1
SUSE-SU-2026:0298-1
SUSE-SU-2026:0308-1
SUSE-SU-2026:20623-1
SUSE-SU-2026:20629-1

Produtos afetados

Alt Linux
Debian
Red Os
Suse
Golang-1.15
Golang-1.19