Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang ssh vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-33198
In Go prior to 1.15.13 and 1.16.x prior to 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Golang Go
7.5
CVSSv3
CVE-2021-27918
encoding/xml in Go prior to 1.15.9 and 1.16.x prior to 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
Golang Go
5.5
CVSSv3
CVE-2021-27919
archive/zip in Go 1.16.x prior to 1.16.1 allows malicious users to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote malicious users to cause a denial of service against SSH servers.
Golang Ssh
2 Github repositories
7.5
CVSSv3
CVE-2020-28362
Go prior to 1.14.12 and 1.15.x prior to 1.15.4 allows Denial of Service.
Golang Go
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Trident -
Netapp Cloud Insights Telegraf Agent -
7.5
CVSSv3
CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Golang Package Ssh 0.0.0-20200220183623-bac4c82f6975
Debian Debian Linux 9.0
1 EDB exploit
3 Github repositories
7.5
CVSSv3
CVE-2019-17596
Go prior to 1.12.11 and 1.3.x prior to 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Golang Go
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux Server 8.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Arista Mos
Arista Eos
Arista Cloudvision Portal 2019.1.2
Arista Cloudvision Portal 2019.1.1
Arista Cloudvision Portal 2019.1.0
Arista Cloudvision Portal
Arista Terminattr
1 Github repository
8.1
CVSSv3
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4