DEBIAN-CVE-2025-61728

DEBIAN-CVE-2025-61728 PUBLISHED CVSS 6.5 MEDIUM

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	golang-1.24	0, 1.24.9-1, 1.24.8-1
Debian:14	golang-1.25	1.25.0-1, 0, 1.25.0-2
Debian:12	golang-1.19	1.19.10-1, 0, 1.19.12-1

Timeline

Jan 28, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-61728 advisory

Open in Interactive Console →