fix(deps): update module golang.org/x/crypto to v0.35.0 [security]
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| golang.org/x/crypto | require | minor | v0.32.0 -> v0.35.0 |
Potential denial of service in golang.org/x/crypto
CVE-2025-22869 / GHSA-hcg3-q754-cr77 / GO-2025-3487
Details
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
Severity
Unknown
References
This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange
CVE-2025-22869 / GHSA-hcg3-q754-cr77 / GO-2025-3487
Details
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-22869
- https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
- https://github.com/golang/crypto
- https://go-review.googlesource.com/c/crypto/+/652135
- https://go.dev/cl/652135
- https://go.dev/issue/71931
- https://pkg.go.dev/vuln/GO-2025-3487
- https://security.netapp.com/advisory/ntap-20250411-0010
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
This MR has been generated by Renovate Bot.