GHSA-3vm4-22fp-5rfm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3vm4-22fp-5rfm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3vm4-22fp-5rfm/GHSA-3vm4-22fp-5rfm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3vm4-22fp-5rfm
- Aliases
- Related
- Published
- 2022-05-24T22:01:25Z
- Modified
- 2023-11-08T04:03:31.720348Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
- Details
-
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the
gssapi-with-micmethod which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-29652
- https://go-review.googlesource.com/c/crypto/+/278852
- https://go.dev/cl/278852
- https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8
- https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
- https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
- https://pkg.go.dev/vuln/GO-2021-0227
Affected packages
Go / golang.org/x/crypto
Package
- Name
- golang.org/x/crypto
- View open source insights on deps.dev
- Purl
- pkg:golang/golang.org/x/crypto