Описание
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
Отчет
This is an Important denial of service flaw in golang.org/x/crypto/ssh. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.
Меры по смягчению последствий
To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the golang.org/x/crypto/ssh library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | assisted/agent-preinstall-image-builder-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Affected | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-webhook-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9 | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses t ...
golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses
EPSS
7.5 High
CVSS3