10 matches found
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CVE-2026-39829
CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...
Security Bulletin: IBM Fusion HCI is vulnerable to Authorization Bypass due to Golang x/crypto (CVE-2024-45337, CVE-2025-22869)
Summary: IBM Fusion HCI includes, but does not run or call, an SSH Server that is part of the Golang x/crypto module. This SSH Server is vulnerable to Denial of Service and Authorization Bypass. CVE-2024-45337, CVE-2025-22869. Vulnerability Details: CVEID: CVE-2025-22869 DESCRIPTION: SSH servers whic...
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur when the other party is slow to respond during key exchange...
AZL-43348 CVE-2021-43565 affecting package libcontainers-common for versions less than 20210626-5
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
AZL-43338 CVE-2021-43565 affecting package gh for versions less than 2.13.0-19
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
GO-2022-0229 Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can...
Golang Go crypto cryptographic issue vulnerability
Golang Go crypto is a Go language based cryptographic codebase from the Golang community. A cryptographic issue vulnerability exists in Golang Go crypto versions prior to 1.16.15 and 1.17.x through 1.17.8, which stems from golang.org/x/crypto/ssh 0.0.0-20220314234659-1baeb1ce4c0b prior to...
CVE-2019-11840
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...
Path Traversal Via NUL Characters
pkg/crypto in github.com/golang/go is susceptible to path traversal attacks. The attacks are possible because it does not properly handle the NUL bytes if any string arguments to syscall contain them. If the filename contains NUL bytes (\x00), it may allow access to a subdirectory or "root"...