4 matches found
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39829)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39829 advisory. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted...
Allocation of Resources Without Limits or Throttling
Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the public key parsers. An attacker can exhaust CPU resources by submitting crafted RSA or DSA public keys with excessively...
The vulnerability of the functions DH_check(), DH_check_ex(), or EVP_PKEY_param_check() in the OpenSSL library allows a attacker to cause a service failure.
The vulnerability of the DHcheck, DHcheckex, or EVPPKEYparamcheck functions in the OpenSSL library is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...