53 changes: 53 additions & 0 deletions SPECS/caddy/CVE-2025-58181.patch
@@ -0,0 +1,53 @@
From e79546e28b85ea53dd37afe1c4102746ef553b9c Mon Sep 17 00:00:00 2001
From: Neal Patel <[email protected]>
Date: Wed, 19 Nov 2025 13:35:12 -0500
Subject: [PATCH] ssh: curb GSSAPI DoS risk by limiting number of specified
OIDs

Previously, an attacker could specify an integer up to 0xFFFFFFFF
that would directly allocate memory despite the observability of
the rest of the payload. This change places a hard cap on the
amount of mechanisms that can be specified and encoded in the
payload. Additionally, it performs a small sanity check to deny
payloads whose stated size is contradictory to the observed payload.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58181
Fixes golang/go#76363

Change-Id: I0307ab3e906a3f2ae763b5f9f0310f7073f84485
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721961
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
---
vendor/golang.org/x/crypto/ssh/ssh_gss.go | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/vendor/golang.org/x/crypto//ssh/ssh_gss.go b/vendor/golang.org/x/crypto/ssh/ssh_gss.go
index 24bd7c8e83..a6249a1227 100644
--- a/vendor/golang.org/x/crypto/ssh/ssh_gss.go
+++ b/vendor/golang.org/x/crypto/ssh/ssh_gss.go
@@ -106,6 +106,13 @@ func parseGSSAPIPayload(payload []byte) (*userAuthRequestGSSAPI, error) {
if !ok {
return nil, errors.New("parse uint32 failed")
}
+ // Each ASN.1 encoded OID must have a minimum
+ // of 2 bytes; 64 maximum mechanisms is an
+ // arbitrary, but reasonable ceiling.
+ const maxMechs = 64
+ if n > maxMechs || int(n)*2 > len(rest) {
+ return nil, errors.New("invalid mechanism count")
+ }
s := &userAuthRequestGSSAPI{
N: n,
OIDS: make([]asn1.ObjectIdentifier, n),
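Review bot: the order of the two operands in `if n > maxMechs || int(n)*2 > len(rest)` matters and deserves a comment: `n` is a uint32, and on targets where `int` is 32 bits `int(n)*2` can overflow for large `n`, so the short-circuit on `n > maxMechs` is what keeps the second comparison meaningful; please state that in the comment so a later reordering does not quietly reopen the hole. The per-entry minimum of 2 bytes is also looser than the wire format implies if each mechanism is carried as a length-prefixed SSH string (which the loop below suggests but this hunk does not show); a tighter lower bound would reject contradictory counts earlier, though with `maxMechs = 64` the allocation is already bounded. Separately, the `diff --git` line of this embedded patch has a doubled slash in the a/ path (`x/crypto//ssh/ssh_gss.go`) that disagrees with the `---` line; worth fixing so tools that read paths from the header are not confused.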
@@ -122,7 +129,6 @@ func parseGSSAPIPayload(payload []byte) (*userAuthRequestGSSAPI, error) {
if rest, err = asn1.Unmarshal(desiredMech, &s.OIDS[i]); err != nil {
return nil, err
}
-
}
return s, nil
}
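Review bot: in the context line `if rest, err = asn1.Unmarshal(desiredMech, &s.OIDS[i]); err != nil`, the first return value of `asn1.Unmarshal` is the bytes left over inside `desiredMech` after the OID, not the remainder of the outer payload, so assigning it to `rest` overwrites the cursor that the next loop iteration is presumably consuming; unless `rest` is never read again after this point, `_` is the safer target, and rejecting non-empty trailing bytes inside a single mechanism would be stricter than silently discarding them. This predates the patch, but since the change is already tightening this parser it is a cheap follow-up. The blank-line removal at the end of the loop is whitespace only and fine to carry along.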
6 changes: 5 additions & 1 deletion SPECS/caddy/caddy.spec
@@ -3,7 +3,7 @@
Summary: Web server with automatic HTTPS
Name: caddy
Version: 2.9.1
Release: 13%{?dist}
Release: 15%{?dist}
Distribution: Edge Microvisor Toolkit
Vendor: Intel Corporation
# main source code is Apache-2.0
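Review bot: `Release` jumps from 13 to 15, but the %changelog hunk further down shows a pre-existing 2.9.1-14 entry (dated Dec 16 2025) that this change does not add; either the earlier update never bumped `Release` or this one skips a number. Please make `Release` and the top changelog entry agree, and confirm which it is so the package history stays contiguous.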
@@ -30,6 +30,7 @@ Patch1: 0001-Disable-commands-that-can-alter-the-binary.patch
Patch2: CVE-2025-22869.patch
Patch3: CVE-2024-45339.patch
Patch4: CVE-2025-22872.patch
Patch5: CVE-2025-58181.patch
BuildRequires: go-rpm-macros
# https://github.com/caddyserver/caddy/commit/2028da4e74cd41f0f7f94222c6599da1a371d4b8
BuildRequires: golang >= 1.24.4
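Review bot: `Patch5` is declared but nothing in the visible hunks applies it; if %prep uses `%autosetup -p1` it is picked up automatically, otherwise a matching `%patch5 -p1` (or whatever convention the spec already uses for Patch1 through Patch4) is required, because a declared-but-unapplied patch would leave CVE-2025-58181 unfixed while the changelog claims otherwise. The patch also edits `vendor/golang.org/x/crypto/ssh/ssh_gss.go`, so please confirm the build compiles from the vendored tree rather than re-resolving modules, or the fix never reaches the binary.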
@@ -453,6 +454,9 @@ fi
%{_datadir}/fish/vendor_completions.d/caddy.fish

%changelog
* Fri Jan 09 2026 Basavarajx unniche <[email protected]> - 2.9.1-15
- Include patch for CVE-2025-58181.

* Tue DEc 16 2025 Andy <[email protected]> - 2.9.1-14
- Update go version to use below 1.25

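Review bot: the new changelog line would be more useful with the upstream reference the patch header already carries (x/crypto ssh, golang/go#76363, go-review change 721961), so a reader can trace where the fix came from without opening the patch. The context line `* Tue DEc 16 2025` has a capitalisation typo in the month that predates this change; since the hunk touches the neighbouring lines, it could be corrected in passing.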