Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/06/25 10:15 p.m.8 views

golang.org/x/crypto is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS6AI score0.00394EPSS
Exploits0References29Affected Software1
EUVD
EUVD
added 2026/06/25 10:15 p.m.12 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3CVSS5.8AI score0.00394EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:15 p.m.2 views

GHSA-78MQ-XCR3-XM33 golang.org/x/crypto is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3CVSS6AI score0.00394EPSS
Exploits0References29
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39835

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39835)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39835 advisory. - SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or...

7.5CVSS5.6AI score0.00394EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-39835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a...

7.5CVSS6AI score0.00394EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.28 views

SUSE CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References31
OSV
OSV
added 2026/05/22 2:31 a.m.3 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3CVSS6AI score0.00394EPSS
Exploits0References30
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.85 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00394EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
Rows per page
Query Builder