15 matches found
Missing Release of Resource after Effective Lifetime
Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attack...
Missing Release of Resource after Effective Lifetime
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...
Incorrect Type Conversion or Cast
Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...
Incorrect Authorization
Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of permissions in the VerifiedPublicKeyCallback process. An attacker can bypass source-address validation by passing a callback...
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...
RHEL 9 : podman (RHSA-2026:5222)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5222 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
MiracleLinux 9 : buildah-1.41.8-1.el9_7 (AXSA:2026-029:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-029:01 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the...
CVE-2025-47914 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...
podman security update
An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...
RLSA-2025:7462 Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144...
SUSE-SU-2025:1018-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339...
CVE-2021-43565
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
AZL-43344 CVE-2021-43565 affecting package moby-buildx for versions less than 0.7.1-20
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
UBUNTU-CVE-2022-27191
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...
DEBIAN-CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...