4 matches found
CVE-2026-52814
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...
Incorrect Authorization
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI Generic Security Service Application Program Interface authentication requests to an SSH Secure Shell server. The server fails to validate the number of mechanisms specified...
DEBIAN-CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...