GitHub Advisory DatabaseGHSA-8C26-WMH5-6G9Vgolang.org/x/crypto/ssh Denial of service via crafted Signer
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
64.8%
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
| CPE | Name | Operator | Version |
|---|---|---|---|
| golang.org/x/crypto | lt | 0.0.0+20220314234659+1baeb1ce4c0b |
References
github.com/advisories/GHSA-8c26-wmh5-6g9v
go.dev/cl/392355
go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d
groups.google.com/g/golang-announce
groups.google.com/g/golang-announce/c/-cp44ypCT5s
lists.fedoraproject.org/archives/list/[email protected]/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
lists.fedoraproject.org/archives/list/[email protected]/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/
lists.fedoraproject.org/archives/list/[email protected]/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
lists.fedoraproject.org/archives/list/[email protected]/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
lists.fedoraproject.org/archives/list/[email protected]/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
lists.fedoraproject.org/archives/list/[email protected]/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
lists.fedoraproject.org/archives/list/[email protected]/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
lists.fedoraproject.org/archives/list/[email protected]/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
lists.fedoraproject.org/archives/list/[email protected]/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/
lists.fedoraproject.org/archives/list/[email protected]/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
lists.fedoraproject.org/archives/list/[email protected]/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
nvd.nist.gov/vuln/detail/CVE-2022-27191
pkg.go.dev/vuln/GO-2021-0356
raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml
security.netapp.com/advisory/ntap-20220429-0002/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
64.8%