5 matches found
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
...
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
...
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
...
CVE-2026-46595
CVE-2026-46595 affects golang.org/x/crypto/ssh. The issue arises when VerifiedPublicKeyCallback is invoked with a callback type other than public key, causing the source-address validation to be bypassed and enabling an authorization bypass. The description notes this is a continuation of CVE-202...
golang.org/x/crypto: empty plaintext packet causes panic
There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...