26 matches found
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
...
SUSE-SU-2025:1037-1 Security update for podman
This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239330...
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...
RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6527 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
ROS-20240412-06
A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...
RHCOS 4 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. - golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 - golang: path/filepath: path-filepath filepath.Clean path...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2021:1796)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1796 advisory. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause ...
SUSE SLES12 Security Update : containerd (SUSE-SU-2022:4409-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4409-1 advisory. Update to containerd v1.6.12 including Docker v20.10.21-ce bsc1206065. Also includes the following fix: - CVE-2022-23471: host memo...
Rocky Linux 8 : container-tools:4.0 (RLSA-2022:7469)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7469 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 whe...
AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...
AlmaLinux 8 : container-tools:4.0 (ALSA-2022:7469)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7469 advisory. cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc:...
CentOS 8 : container-tools:rhel8 (CESA-2022:7457)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7457 advisory. - golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 - opencontainers: OCI manifest and index parsing...
Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...
Code injection
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:2839-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image t...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:2834-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2834-1 advisory. Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image t...
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the gssapi-with-mic method which will cause...
GO-2021-0356 Denial of service via crafted Signer in golang.org/x/crypto/ssh
Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that 1 the Signer passed to AddHostKey does not implement AlgorithmSigner, and 2 the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey...
Use of a Broken or Risky Cryptographic Algorithm
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...
CVE-2022-27191
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...