CVE-2026-27017

| Field | Value |
| --- | --- |
| Name | CVE-2026-27017 |
| Description | uTLS is a fork of crypto/tls, created to customize ClientHello for fin ... |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| golang-refraction-networking-utls (PTS) | bullseye | 0.0~git20201210.2179f28-1 | fixed |
| | bookworm | 1.2.1-2 | fixed |
| | forky, sid, trixie | 1.2.1-3.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| golang-refraction-networking-utls | source | (unstable) | (not affected) | | | |

Notes

- golang-refraction-networking-utls <not-affected> (Vulnerable code introduced later)
https://github.com/refraction-networking/utls/security/advisories/GHSA-7m29-f4hw-g2vx
Introduced after: https://github.com/refraction-networking/utls/commit/b4de442d0250c0f55d8873d95e589ff9206a3ae7 (v1.6.0)
Fixed by: https://github.com/refraction-networking/utls/commit/24bd1e05a788c1add7f3037f4532ea552b2cee07 (v1.8.1)
