{"id":"CVE-2025-58181","details":"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","aliases":["GHSA-j5w8-q4qc-rx2x","GO-2025-4134"],"modified":"2026-05-19T06:44:23.176362407Z","published":"2025-11-19T21:15:50.850Z","related":["CGA-r6rp-rr52-3cqp","SUSE-SU-2026:0439-1","SUSE-SU-2026:0592-1","SUSE-SU-2026:0666-1","SUSE-SU-2026:0772-1","SUSE-SU-2026:0777-1","SUSE-SU-2026:0972-1","SUSE-SU-2026:1118-1","SUSE-SU-2026:20176-1","SUSE-SU-2026:20244-1","SUSE-SU-2026:20357-1","SUSE-SU-2026:20539-1","SUSE-SU-2026:20578-1","SUSE-SU-2026:20651-1","SUSE-SU-2026:20694-1","SUSE-SU-2026:20904-1","openSUSE-RU-2026:20010-1","openSUSE-SU-2025:15761-1","openSUSE-SU-2025:15763-1","openSUSE-SU-2025:15771-1","openSUSE-SU-2025:15773-1","openSUSE-SU-2025:15774-1","openSUSE-SU-2025:15841-1","openSUSE-SU-2025:20143-1","openSUSE-SU-2025:20177-1","openSUSE-SU-2026:10013-1","openSUSE-SU-2026:10042-1","openSUSE-SU-2026:10127-1","openSUSE-SU-2026:10142-1","openSUSE-SU-2026:10143-1","openSUSE-SU-2026:10230-1","openSUSE-SU-2026:10232-1","openSUSE-SU-2026:10255-1","openSUSE-SU-2026:10543-1","openSUSE-SU-2026:20132-1","openSUSE-SU-2026:20249-1","openSUSE-SU-2026:20366-1","openSUSE-SU-2026:20386-1","openSUSE-SU-2026:20620-1","openSUSE-SU-2026:20730-1"],"references":[{"type":"ADVISORY","url":"https://pkg.go.dev/vuln/GO-2025-4134"},{"type":"REPORT","url":"https://go.dev/issue/76363"},{"type":"FIX","url":"https://go.dev/cl/721961"},{"type":"ARTICLE","url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/golang/crypto","events":[{"introduced":"0"},{"fixed":"4e0068c0098be10d7025c99ab7c50ce454c1f0f9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.45.0"}]}}],"versions":["v0.1.0","v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.2.0","v0.20.0","v0.21.0","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.28.0","v0.29.0","v0.3.0","v0.30.0","v0.31.0","v0.32.0","v0.33.0","v0.34.0","v0.35.0","v0.36.0","v0.37.0","v0.38.0","v0.39.0","v0.4.0","v0.40.0","v0.41.0","v0.42.0","v0.43.0","v0.44.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58181.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}