Uncaught Exception

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Uncaught Exception in the CertChecker component when used as a public key callback without setting IsUserAuthority or IsHostAuthority. An attacker can cause the server to panic by...

Allocation of Resources Without Limits or Throttling

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core

Post-quantum signature schemes such as ML-DSA-65 produce signatures of 3,309 bytes and public keys of 1,952 bytes over 50 times larger than classical Ed25519. In TLS-authenticated environments like Kubernetes control planes and 5G Core networks, where every inter-component connection is mutually...

RockyLinux 10 : buildah (RLSA-2026:0436)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0436 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the precedi...

USN-7956-1: Google Guest Agent vulnerability

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service...

The 2025 Go Cryptography State of the Union

This past August, I delivered my traditional Go Cryptography State of the Union talk at GopherCon US 2025 in New York. It goes into everything that happened at the intersection of Go and cryptography over the last year. You can watch the video with manually edited subtitles, for my fellow subtitl...

Ubuntu: Security Advisory (USN-7839-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7839-2 google-guest-agent vulnerability

USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent. Original advisory details: Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectl...

USN-7839-2: Google Guest Agent vulnerability

USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding update in the Go Cryptography module included in Google Guest Agent. Original advisory details: Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectl...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Go Cryptography vulnerability (USN-7839-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7839-1 advisory. Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly...

USN-7839-1 golang-go.crypto vulnerability

Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms...

USN-7839-1: Go Cryptography vulnerability

Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier discovered that Go Cryptography incorrectly handled public keys during SSH operations. An attacker could possibly use this issue to bypass authorization mechanisms...

EUVD-2022-28738

Malicious code in bioql PyPI...

EUVD-2022-5700

Malicious code in bioql PyPI...

EUVD-2022-5096

Malicious code in bioql PyPI...