CVE-2021-43565

Published: 02 Dec 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
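As an added illustration (not code from golang.org/x/crypto or from this advisory), here is a hypothetical packet-body reader in Go modelled on the flaw class the description names: the unchecked version indexes the first byte of the decrypted plaintext, while the hardened version rejects an empty or malformed packet with an error instead of panicking. The function names, error values and sample packet are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Decrypted SSH packet body (RFC 4253): padding_length (1 byte), payload,
// then padding_length bytes of random padding. vulnerablePayload mirrors the
// flaw class: it indexes plain[0] without checking that plain is non-empty,
// so an empty decrypted packet causes an index-out-of-range panic.
func vulnerablePayload(plain []byte) []byte {
	padding := int(plain[0])
	return plain[1 : len(plain)-padding]
}

var (
	errEmptyPacket    = errors.New("ssh: empty packet")
	errInvalidPadding = errors.New("ssh: invalid padding length")
)

// hardenedPayload validates every length before using it as an index, so a
// malformed packet becomes an error the caller can log and close the
// connection on, rather than a panic that stops the whole server.
func hardenedPayload(plain []byte) ([]byte, error) {
	if len(plain) == 0 {
		return nil, errEmptyPacket
	}
	padding := int(plain[0])
	if padding < 4 || 1+padding > len(plain) { // RFC 4253: at least 4 bytes, and must fit
		return nil, errInvalidPadding
	}
	return plain[1 : len(plain)-padding], nil
}

// panics reports whether fn panics, modelling the crash of the unpatched reader.
func panics(fn func()) (didPanic bool) {
	defer func() { didPanic = recover() != nil }()
	fn()
	return false
}

func main() {
	// Constructed sample: padding length 4, payload "hello", four padding bytes.
	payload, err := hardenedPayload([]byte{4, 'h', 'e', 'l', 'l', 'o', 0, 0, 0, 0})
	fmt.Printf("valid packet: %q, err=%v\n", payload, err)
	_, err = hardenedPayload(nil)
	fmt.Println("empty packet: hardened err =", err, "; vulnerable panics =", panics(func() { vulnerablePayload(nil) }))
}
```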

Report

go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code. This flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.

Affected packages

Platform | Package | State | Recommendation | Release
Migration Toolkit for Containers | rhmtc/openshift-migration-velero-rhel8 | Will not fix | |
OpenShift Serverless | CLI | Affected | |
OpenShift Serverless | knative-eventing | Affected | |
OpenShift Service Mesh 1 | ior | Out of support scope | |
OpenShift Service Mesh 1 | servicemesh | Out of support scope | |
OpenShift Service Mesh 1 | servicemesh-operator | Out of support scope | |
OpenShift Service Mesh 1 | servicemesh-prometheus | Out of support scope | |
OpenShift Service Mesh 2.0 | servicemesh | Affected | |
OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | |
OpenShift Service Mesh 2.0 | servicemesh-operator | Affected | |


Additional information

Status: Moderate
Weakness: CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2030787 (golang.org/x/crypto: empty plaintext packet causes panic)

EPSS: 0.00029 (percentile: 8%, Low)
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

CVSS3: 7.5
nvd
more than 3 years ago

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

CVSS3: 7.5
msrc
about 1 year ago

No description available

CVSS3: 7.5
debian
more than 3 years ago

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ...

suse-cvrf
almost 4 years ago

Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
