Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS6AI score0.00394EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39835

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.9 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.8AI score0.00394EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.8AI score0.00394EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 2:31 a.m.59 views

CVE-2026-39835

CVE-2026-39835 affects golang.org/x/crypto/ssh where CertChecker used as a public key callback could panic if IsUserAuthority or IsHostAuthority callbacks were nil during a client certificate authentication flow. The concrete fix implemented is that CertChecker now returns an error instead of pan...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References27Affected Software1
OSV
OSV
added 2026/05/22 2:8 a.m.9 views

GO-2026-5015 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder