
CVE-2020-9283

Published: 20/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

Vulnerable Products

golang package ssh 0.0.0-20200220183623-bac4c82f6975

Debian Linux 9.0

Vendor Advisories

Debian Bug report logs - #952462 golang-gocrypto: CVE-2020-9283. Package: src:golang-gocrypto; Maintainer for src:golang-gocrypto is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Feb 2020 19:54:02 UTC; Severity: important; Tags: security ...
Synopsis: Low: OpenShift Container Platform 4.3.40 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis: Low: OpenShift Container Platform 4.5.5 security update. Type/Severity: Security Advisory: Low. Topic: An update for atomic-openshift-descheduler-container and ose-cluster-kube-descheduler-operator-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rate ...
Synopsis: Low: OpenShift Container Platform 4.4.14 ose-cluster-machine-approver-container security update. Type/Severity: Security Advisory: Low. Topic: An update for ose-cluster-machine-approver-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this updat ...
Synopsis: Low: OpenShift Container Platform 4.4.12 ose-cloud-credential-operator-container security update. Type/Severity: Security Advisory: Low. Topic: An update for ose-cloud-credential-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: OpenShift Container Platform 4.3.38 container image security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-hyperkube-container and sriov-dp-admission-controller-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Prod ...
Synopsis: Low: OpenShift Container Platform 4.4.11 atomic-openshift-descheduler-container security update. Type/Severity: Security Advisory: Low. Topic: An update for atomic-openshift-descheduler-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this updat ...
Synopsis: Low: OpenShift Container Platform 4.4.11 ose-azure-machine-controllers-container security update. Type/Severity: Security Advisory: Low. Topic: An update for ose-azure-machine-controllers-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this upd ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh 3scale-istio-adapter-rhel8-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for 3scale-istio-adapter-rhel8-container is now available for OpenShift Service Mesh. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Low: OpenShift Container Platform 4.4.11 ose-baremetal-operator-container security update. Type/Severity: Security Advisory: Low. Topic: An update for ose-baremetal-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having ...
Synopsis: Moderate: Red Hat OpenShift Service Mesh security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client ...

Exploits

# Exploit Title: Go SSH servers 0.0.2 - Denial of Service (PoC)
# Author: Mark Adams
# Date: 2020-02-21
# Link: github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py
# CVE: CVE-2020-9283
#
# Running this script may crash the remote SSH server if it is vulnerable
# The GitHub repository contains a vulnerable and fixed SSH server f ...
Go SSH server version 0.0.2 suffers from a denial of service vulnerability ...

Github Repositories

Exploit for CVE-2020-9283 based on Go

This project is inspired by the original PoC found here: github.com/mark-adams/exploits/CVE-2020-9283. I was curious as to how the Go SSH library was implemented, so I decided to implement the PoC using Go. A short writeup can be found here: dev.to/brompwnie/modifying-go-s-crypto-ssh-library-for-cve-2020-9283-26a7. What does this do? This invokes a p

Secure Shell Protocol: Introduction and Some Cryptographic Attacks

Abstract: In this project, we will delve into the world of Secure Shell (SSH), a widely used cryptographic network protocol for secure remote access to systems and secure file transfers. We will begin with an introduction to SSH, exploring its key features and benefits. We will also discuss the fundamental princi