Correction: the current official patch is not CL 735051. See https://go.dev/issue/77113
On Sun, Jan 18, 2026 at 00:20, Coia Prant <[email protected]> wrote:
>
> Hi,
>
> I am the original reporter of the vulnerabilities recently addressed
> in Go 1.25.6/1.24.x (CVE-2025-61730, CVE-2025-68121).
>
> I am writing to inform the community that the official fix provided by
> the Go security team is critically flawed and causes significant
> regressions in the networking ecosystem (notably breaking quic-go).
>
> 1. Missing Root Cause in Official Advisory
>
> The official advisory attributes the risk to "misuse of APIs," but the
> root cause is a fundamental logic error in Go's TLS 1.3 state machine
> during session resumption.
>
> Specifically, it fails to re-validate the identity of the trust anchor
> when a session is resumed, allowing for Cross-CA certificate bypass.
>
> 2. Flawed Patch Implementation
>
> The current official patch (CL 735051) contains amateurish errors that
> undermine its effectiveness:
>
> Incorrect Indexing: It attempts to verify peerCertificates instead of
> the verifiedChain (which includes the RootCA).
>
> Ecosystem Breakage: By aggressively blocking Config.Clone logic to
> "fix" the issue, it has paralyzed 0-RTT and session resumption in the
> QUIC ecosystem.
>
> 3. Proposed O(1) Solution
>
> I have proposed a far more elegant solution that performs a
> constant-time SHA-224 fingerprint check of the root CA.
>
> This fixes the vulnerability without breaking the Config.Clone
> semantics or performance.
>
> Details and Discussion:
>
> https://github.com/golang/go/issues/77217
>
> I encourage downstream maintainers (SUSE, Red Hat, Debian) to review
> the fix before deploying it to mission-critical infrastructure.
>
> Best regards,
> Coia Prant (rbqvq)
