From 885d60ad41dd6b1e9fd9e865c94eee0bcc9dc055 Mon Sep 17 00:00:00 2001
From: Coia Prant <coiaprant@gmail.com>
Date: Fri, 6 Feb 2026 19:14:15 +0800
Subject: [PATCH] Improve GHSA-gr56-3gp6-6gmj

---
 .../GHSA-gr56-3gp6-6gmj.json                  | 49 +++++++++++++++++--
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/advisories/unreviewed/2026/01/GHSA-gr56-3gp6-6gmj/GHSA-gr56-3gp6-6gmj.json b/advisories/unreviewed/2026/01/GHSA-gr56-3gp6-6gmj/GHSA-gr56-3gp6-6gmj.json
index c3dc4a9d6ae27..e6839de6adb9d 100644
--- a/advisories/unreviewed/2026/01/GHSA-gr56-3gp6-6gmj/GHSA-gr56-3gp6-6gmj.json
+++ b/advisories/unreviewed/2026/01/GHSA-gr56-3gp6-6gmj/GHSA-gr56-3gp6-6gmj.json
@@ -1,19 +1,62 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gr56-3gp6-6gmj",
-  "modified": "2026-01-29T21:30:30Z",
+  "modified": "2026-01-29T21:31:33Z",
   "published": "2026-01-28T21:31:23Z",
   "aliases": [
     "CVE-2025-61730"
   ],
+  "summary": "Handshake messages may be processed at the incorrect encryption level in crypto/tls",
   "details": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "crypto/tls"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.24.12"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 1.24.11"
+      }
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "crypto/tls"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.25.0"
+            },
+            {
+              "fixed": "1.25.6"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",