Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 9:35 p.m.40 views

Security Bulletin: IBM Storage Fusion may be vulnerable to Denial of Service via use of golang.org/x/net, x/crypto, and x/text (CVE-2022-30633, CVE-2022-27664, CVE-2022-28131, CVE-2022-41721, CVE-2021-43565, CVE-2022-27191, CVE-2022-32149)

Summary Golang's x/net, x/crypto and x/text are used by IBM Storage Fusion for networking, cryptography and internationalization. Vulnerabilities in these libraries include Inconsistent Interpretation of HTTP Requests, Uncontrolled Recursion, and Missing Release of Resource that could lead to a...

7.5CVSS8.8AI score0.03931EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/30 1:10 p.m.150 views

CVE-2021-43565

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

7.5CVSS7.2AI score0.00948EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/04/13 3:33 p.m.76 views

golang.org/x/crypto: empty plaintext packet causes panic

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

7.5CVSS6.8AI score0.00948EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/07 6:2 p.m.2 views

golang.org/x/crypto: empty plaintext packet causes panic

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

7.5CVSS6.8AI score0.00948EPSS
Exploits0References4
Rows per page
Query Builder