Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-43565

Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.

Source

Severity Medium

Remote Yes

Type Denial of service

Description

Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.

AVG-1511 golang-golang-x-crypto 0.0.20200303-2 Medium Vulnerable FS#70058

https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs/m/9LAF9FxvBwAJ
https://github.com/golang/go/issues/49932
https://go-review.googlesource.com/c/crypto/+/368814/
https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect