Описание
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-go.crypto | fixed | 1:0.42.0-1 | package | |
| golang-go.crypto | no-dsa | trixie | package | |
| golang-go.crypto | no-dsa | bookworm | package | |
| golang-go.crypto | ignored | bullseye | package |
Примечания
https://github.com/advisories/GHSA-hcg3-q754-cr77
https://github.com/golang/go/issues/71931
https://go-review.googlesource.com/c/crypto/+/652135
Fixed by: https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 (v0.35.0
https://pkg.go.dev/vuln/GO-2025-3487
EPSS
Связанные уязвимости
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
EPSS