vulnerability

Amazon Linux 2023: CVE-2025-58181: Medium priority package update for runfinch-finch (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Nov 19, 2025	Jan 12, 2026	Feb 10, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Nov 19, 2025

Added

Jan 12, 2026

Modified

Feb 10, 2026

Description

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Solutions

amazon-linux-2023-upgrade-amazon-cloudwatch-agentamazon-linux-2023-upgrade-nerdctlamazon-linux-2023-upgrade-runfinch-finch

References

CVE-2025-58181
https://attackerkb.com/topics/CVE-2025-58181
URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1336.html
URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1358.html
URL-https://alas.aws.amazon.com/AL2023/ALAS-2026-1400.html
CWE-770

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today