16 matches found
EUVD-2026-31389
golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...
GHSA-JPPX-RXG9-JMRX golang.org/x/crypto doesn't enforce invoking key constraints
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
golang.org/x/crypto doesn't enforce invoking key constraints
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
Important: rclone
Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...
CVE-2026-39833
A flaw was found in golang.org/x/crypto/ssh/agent. The NewKeyring function, which creates an in-memory keyring, failed to enforce the ConfirmBeforeUse constraint on keys. This allowed keys configured to require user confirmation before use to perform signing operations without any prompt or...
Linux Distros Unpatched Vulnerability : CVE-2026-39833
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any...
SUSE CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation Upgrade...
CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833
The CVE-2026-39833 issue affects the in-memory keyring used by golang.org/x/crypto/ssh/agent. The ConfirmBeforeUse constraint was silently accepted but not enforced by NewKeyring(), allowing keys to sign without a required confirmation prompt and without notifying the caller. The patch fixes this...
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from keys that accept the ConfirmBeforeUse constraint but never enforce it, resulting in...
PT-2026-42712
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The in-memory keyring returned by the NewKeyring function silently accepted keys with the ConfirmBeforeUse constraint but failed to enforce it. This allowed keys...