Lucene search
K

27 matches found

Redos
Redos
added 6 days ago6 views

ROS-20260710-73-0004

The vulnerability of the url.Parse function in the host/authority component of the Go programming language is related to improper syntax validation of input. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

7.5CVSS6.3AI score0.0052EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week7 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.9AI score0.00394EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.4 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS6AI score0.00394EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 10:15 p.m.12 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3CVSS5.8AI score0.00394EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/25 10:0 a.m.4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.85 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00394EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.8AI score0.00394EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 2:31 a.m.64 views

CVE-2026-39835

CVE-2026-39835 affects golang.org/x/crypto/ssh where CertChecker used as a public key callback could panic if IsUserAuthority or IsHostAuthority callbacks were nil during a client certificate authentication flow. The concrete fix implemented is that CertChecker now returns an error instead of pan...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References27Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.10 views

GO-2026-5015 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 6:25 p.m.15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 4:19 p.m.17 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 4:15 p.m.18 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/19 1:17 p.m.21 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/30 3:3 a.m.15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 5:0 p.m.18 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 2:38 a.m.9 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/20 1:22 a.m.13 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/15 3:31 p.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/13 2:53 a.m.11 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.0052EPSS
Exploits0References8
Rows per page
Query Builder