{"id":"GO-2025-3487","summary":"Potential denial of service in golang.org/x/crypto","details":"SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.","aliases":["CVE-2025-22869","GHSA-hcg3-q754-cr77"],"modified":"2026-02-05T01:28:49.657684Z","published":"2025-02-26T02:51:51Z","related":["CGA-299c-rxpx-5x42","RHSA-2025:3165","RHSA-2025:3175","RHSA-2025:3184","RHSA-2025:3185","RHSA-2025:3186","RHSA-2025:3210","RHSA-2025:3266","RHSA-2025:3268","RHSA-2025:3336","RHSA-2025:3685","RHSA-2025:3833","RHSA-2025:7391","RHSA-2025:7416","RHSA-2025:7462","RHSA-2025:7484"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3487"},"references":[{"type":"FIX","url":"https://go.dev/cl/652135"},{"type":"REPORT","url":"https://go.dev/issue/71931"}],"affected":[{"package":{"name":"golang.org/x/crypto","ecosystem":"Go","purl":"pkg:golang/golang.org/x/crypto"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.35.0"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/crypto/ssh","symbols":["Client.Dial","Client.DialContext","Client.DialTCP","Client.Listen","Client.ListenTCP","Client.ListenUnix","Client.NewSession","Dial","DiscardRequests","NewClient","NewClientConn","NewServerConn","Request.Reply","Session.Close","Session.CombinedOutput","Session.Output","Session.RequestPty","Session.RequestSubsystem","Session.Run","Session.SendRequest","Session.Setenv","Session.Shell","Session.Signal","Session.Start","Session.WindowChange","channel.Accept","channel.Close","channel.CloseWrite","channel.Read","channel.ReadExtended","channel.Reject","channel.SendRequest","channel.Write","channel.WriteExtended","connection.SendAuthBanner","curve25519sha256.Client","curve25519sha256.Server","dhGEXSHA.Client","dhGEXSHA.Server","dhGroup.Client","dhGroup.Server","ecdh.Client","ecdh.Server","extChannel.Read","extChannel.Write","handshakeTransport.kexLoop","handshakeTransport.recordWriteError","handshakeTransport.writePacket","mux.OpenChannel","mux.SendRequest","newHandshakeTransport","sessionStdin.Close","sshClientKeyboardInteractive.Challenge","tcpListener.Accept","tcpListener.Close","unixListener.Accept","unixListener.Close"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3487.json"}}],"schema_version":"1.7.3","credits":[{"name":"Yuichi Watanabe"}]}