Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Delve Update Fixes Multiple Security Risks
ALSA-2026:3864
Summary
Update Delve to the latest version to prevent a malicious certificate from causing a denial of service, fix a memory leak when parsing URL query parameters, and resolve an issue with unexpected TLS session resumptions. These vulnerabilities can be exploited by attackers to disrupt or compromise your system. Apply the update as soon as possible to ensure the security of your Go development environment.
What to do
- Update almalinux delve to version 1.25.2-2.el10_1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| almalinux | delve | <= 1.25.2-2.el10_1 | 1.25.2-2.el10_1 |
Original title
Important: delve security update
Original description
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- https://access.redhat.com/errata/RHSA-2026:3864 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-68121 Third Party Advisory
- https://bugzilla.redhat.com/2418462 Third Party Advisory
- https://bugzilla.redhat.com/2434432 Third Party Advisory
- https://bugzilla.redhat.com/2437111 Third Party Advisory
- https://errata.almalinux.org/10/ALSA-2026-3864.html Vendor Advisory
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026