Go TLS 1.3 Handshake Message Processing Vulnerability
Vulnerability
A vulnerability exists in the Go programming language's TLS 1.3 implementation, specifically in versions prior to 1.24.12 and between 1.25.0 and 1.25.6. During the TLS 1.3 handshake, if multiple messages are sent in records that cross encryption level boundaries, subsequent messages may be processed before the encryption level has properly changed. This issue could lead to minor information disclosure if a network-local attacker is able to inject messages during the handshake.
Impact
Exploitation of this vulnerability could result in improper handling of TLS handshake messages, potentially allowing for information disclosure.
Reproduction
To reproduce this vulnerability, initiate a TLS 1.3 handshake and send multiple messages in records that span encryption level boundaries. The first message should include the Client Hello, followed by the Encrypted Extensions. If a network-local attacker injects messages during this process, the vulnerability can be exploited.
Remediation
Users can upgrade to Go version 1.24.12 or 1.25.6 to address this vulnerability.
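To find deployed binaries that still need a rebuild, the following added example (not code from this advisory or from the Go project) reads the toolchain version embedded in each compiled Go binary passed as an argument and compares it with the ranges above. The function name `Affected` is hypothetical, and reading "between 1.25.0 and 1.25.6" as excluding 1.25.6 is an assumption based on 1.25.6 being named as a fixed release.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Affected reports whether a toolchain string such as "go1.25.3" is in the
// advisory's ranges: before 1.24.12, or 1.25.0 up to but excluding 1.25.6.
// Pre-release and devel strings return an error so they get a manual review.
func Affected(version string) (bool, error) {
	v := strings.TrimPrefix(strings.TrimSpace(version), "go")
	if i := strings.IndexAny(v, " -+"); i >= 0 {
		v = v[:i] // drop trailing experiment or vendor suffixes
	}
	var n [3]int // major, minor, patch; a missing patch counts as 0
	for i, p := range strings.Split(v, ".") {
		x, err := strconv.Atoi(p)
		if err != nil || i > 2 {
			return false, fmt.Errorf("unrecognized Go version %q", version)
		}
		n[i] = x
	}
	if n[0] != 1 {
		return n[0] < 1, nil
	}
	return n[1] < 24 || (n[1] == 24 && n[2] < 12) || (n[1] == 25 && n[2] < 6), nil
}

func main() {
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Printf("%s: not a readable Go binary: %v\n", path, err)
			continue
		}
		status := "ok"
		if hit, err := Affected(info.GoVersion); err != nil {
			status = "REVIEW: " + err.Error()
		} else if hit {
			status = "AFFECTED, rebuild with Go 1.24.12 or 1.25.6"
		}
		fmt.Printf("%s: %s: %s\n", path, info.GoVersion, status)
	}
}
```

The TLS code lives in the standard library, so a binary is only fixed once it has been rebuilt with a patched toolchain and redeployed; upgrading the Go installation on a build host does not change binaries already shipped.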
