Detections
Analytics

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1221)

medium Nessus Plugin ID 297607

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.(CVE-2025-61723)

 Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.(CVE-2025-58185)

 When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.(CVE-2025-58189)

Tenable has extracted the preceding description block directly from the EulerOS golang security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected golang packages.

See Also

http://www.nessus.org/u?dd0fe81e

Plugin Details

Severity: Medium

ID: 297607

File Name: EulerOS_SA-2026-1221.nasl

Version: 1.1

Type: local

Published: 2/2/2026

Updated: 2/2/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-61723

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-58189

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:golang-devel, cpe:/o:huawei:euleros:2.0, p-cpe:/a:huawei:euleros:golang, p-cpe:/a:huawei:euleros:golang-help

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/2/2026

Vulnerability Publication Date: 10/23/2025

Reference Information

CVE: CVE-2025-58185, CVE-2025-58189, CVE-2025-61723

IAVB: 2025-B-0177-S