Описание
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1:0.0~git20200221.2aa609c-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1:0.0~git20200221.2aa609c-1 |
| esm-apps/jammy | not-affected | 1:0.0~git20200221.2aa609c-1 |
| esm-apps/noble | not-affected | 1:0.0~git20200221.2aa609c-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | needed | |
| focal | not-affected | 1:0.0~git20200221.2aa609c-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| eoan | not-affected | code-not-present |
| esm-apps/focal | not-affected | code-not-present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | |
| esm-infra/xenial | not-affected | |
| focal | not-affected | code-not-present |
| groovy | not-affected | code-not-present |
| hirsute | not-affected | code-not-present |
| impish | not-affected | code-not-present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| eoan | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | not-affected | |
| focal | not-affected | |
| groovy | not-affected | |
| hirsute | not-affected |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...
Improper Verification of Cryptographic Signature in golang.org/x/crypto
5 Medium
CVSS2
7.5 High
CVSS3