Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-29652

Published: 17/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Golang

Vulnerability Summary

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote malicious users to cause a denial of service against SSH servers.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

golang ssh

Vendor Advisories

Amazon Linux 2: ALAS2-2022-1830
A null pointer dereference vulnerability was found in golang When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial of service The highest threat from this vulnera ...
Arch Linux Issues:
A null pointer dereference in the golangorg/x/crypto/ssh component through v000-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers ...

Github Repositories

https://github.com/EFX-PXT1/govuln

govuln Desire to learn how to patch a vulnerability indirectly lifted into a Go Lang application in a manner which satsfies Twistlock scanning This is important where indirect libraries are not well maintained Approach A simple example importing an old version of client-go to trigger x/crypto vulnerability Upgrading client-go is not a solution since in the general case of an

https://github.com/intercloud/gobinsec

Tool to perform security check on dependencies embedded in given Go binary

Gobinsec This tool parses Go binary dependencies and calls NVD database to produce a vulnerability report Binaries must have been built with module support to be analyzed with Gobinsec Table of Contents Installation Usage Configuration Cache Memcachier Memcached File Timeout and Expiration Versions How to Fix Vulnerabilities Information about vulnerabilities How Gobinsec

References

CWE-476https://go-review.googlesource.com/c/crypto/+/278852https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3Ehttps://nvd.nist.govhttps://github.com/EFX-PXT1/govulnhttps://github.com/intercloud/gobinsechttps://alas.aws.amazon.com/AL2/ALAS-2022-1830.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook