6.5

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pmc3-p9hx-jq96

EPSS Score

CWE

CWE-693

Published

4/23/2025

Updated

4/23/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-pmc3-p9hx-jq96

GHSA-pmc3-p9hx-jq96: uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

Description

Before version 1.7.0, utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a utls ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a utls client to a lower TLS version (e.g., TLS 1.2) by modifying the ClientHello message to exclude the SupportedVersions extension, causing the server to respond with a TLS 1.2 ServerHello (along with a downgrade canary in the ServerHello random field). Because utls did not check the downgrade canary in the ServerHello random field, clients would accept the downgraded connection without detecting the attack. This attack could also be used by an active network attacker to fingerprint utls connections.

Fix Commit or Pull Request

refraction-networking/utls#337, specifically refraction-networking/utls@f8892761e2a4d29054264651d3a86fda83bc83f9

References

https://github.com/refraction-networking/utls/issues/181

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-pmc3-p9hx-jq96

EPSS Score

CWE

CWE-693

Published

4/23/2025

Updated

4/23/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/refraction-networking/utls	go	< 1.7.0	1.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description clearly states that utls did not implement the TLS 1.3 downgrade protection mechanism, specifically by not checking the downgrade canary in the ServerHello random field. The provided commit f8892761e2a4d29054264651d3a86fda83bc83f9 shows modifications to the u_handshake_client.go file. The patch introduces a check for these downgrade canaries within the clientHandshake method of the UConn struct. This function is where the ServerHello is processed. The absence of this check before the patch made this function vulnerable to the described downgrade attack. Therefore, (*UConn).clientHandshake is identified as the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### **s*ription ***or* v*rsion *.*.*, utls *i* not impl*m*nt t** TLS *.* *own*r*** prot**tion m****nism sp**i*i** in R** **** S**tion *.*.* w**n usin* * utls *li*nt**llo sp**. T*is *llow** *n **tiv* n*twork **v*rs*ry to *own*r*** TLS *.* *onn**tions

Reasoning

T** vuln*r**ility **s*ription *l**rly st*t*s t**t utls *i* not impl*m*nt t** TLS *.* *own*r*** prot**tion m****nism, sp**i*i**lly *y not ****kin* t** *own*r*** **n*ry in t** S*rv*r**llo r*n*om *i*l*. T** provi*** *ommit `*****************************

6.5

Basic Information

Concerned about an active attack path?

GHSA-pmc3-p9hx-jq96: uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

Description

Fix Commit or Pull Request

References

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI