Описание
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-go.crypto | fixed | 1:0.45.0-1 | package | |
| golang-go.crypto | no-dsa | trixie | package | |
| golang-go.crypto | no-dsa | bookworm | package | |
| golang-go.crypto | postponed | bullseye | package |
Примечания
https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1
https://github.com/golang/go/issues/76363
Fixed by: https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c (v0.45.0)
Связанные уязвимости
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption
Уязвимость SSH-сервера библиотеки для языка программирования Go crypto, позволяющая нарушителю оказать воздействие на доступность защищаемой информации
