CVE

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Package Versions Affected

No items found.


CVSS

CVSS Version: 3.1
Base Score: 10
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
https://pkg.go.dev/vuln/GO-2026-4337
https://go.dev/issue/77217
https://go.dev/cl/737700

Severity: 10 (CVSS score, on a scale of 0 to 10)

Basic Information

Ecosystem: -
Base CVSS: 10
EPSS Probability: 0.00016%
EPSS Percentile: 0.03387%
Introduced Version: 6e676ab2b809d46623acb5988248d95d1eb7939c,0
Fix Available: eaf3bc799a221cc375f188e8699c9330c1caf40a,1.24.12-r0,1.25.6-r0,1.25.7-r0,0:10.2.6-18.el9_7,0:1.25.7-1.el9_7,0:1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd,0:1.25.7-1.module+el8.10.0+90804+12f38c29,0:1.7.1-1.amzn2.0.5,0:1.32.0-1.amzn2.0.4,0:1.24.12-1.amzn2.0.1,0:1.0.4-4.amzn2.0.4,0:0.10.1-10.amzn2.0.10,0:2.2.1-1.amzn2.0.2,0:1.3.4-2.amzn2,0:1.14.1-1.amzn2.0.1,0:0.11.0-3.amzn2,0:2.1.5-1.amzn2.0.5,0:0.12.0-1.amzn2.0.3,0:25.0.14-1.amzn2.0.2,0:0-0.7.20200504git325a340.amzn2,0:0.11.0-3.amzn2023,0:1.7.1-1.amzn2023.0.5,0:2.1.5-1.amzn2023.0.5,0:25.0.14-1.amzn2023.0.2,0:1.24.12-1.amzn2023.0.1,0:0.10.1-11.amzn2023.0.6,0:2.73-1.amzn2023.0.6,0:2.2.1-1.amzn2023.0.2,0:0-0.1.20200504git268e3bb.amzn2023.0.8,0:1.3.4-1.amzn2023.0.2,0:1.14.1-1.amzn2023.0.1,0:0.12.0-1.amzn2023.0.3
