golang›github.com/microsoft/go-crypto-winnative›CVE-2025-251997.5 HIGHgo-crypto-winnative BCryptGenerateSymmetricKey memory leakCalls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time.