An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. If verifying signatures using user supplied public keys, this may be used as a denial of service vector.
CPE | Name | Operator | Version |
---|---|---|---|
golang.org/x/crypto | lt | 0.0.0-20200220183623-bac4c82f6975 |