An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. If verifying signatures using user supplied public keys, this may be used as a denial of service vector.

CPENameOperatorVersion
golang.org/x/cryptolt0.0.0-20200220183623-bac4c82f6975

CPE	Name	Operator	Version
	golang.org/x/crypto	lt	0.0.0-20200220183623-bac4c82f6975

References

go.dev/cl/220357

go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236

groups.google.com/g/golang-announce/c/3L45YRc91SY

openvas 4

debian 4

exploitpack 1

nessus 6

debiancve 1

cvelist 1

redhat 15

ibm 13

cgr 1

osv 5

veracode 1

zdt 1

hackerone 1

wolfi 1

checkpoint_advisories 1

cve 1

githubexploit 1

archlinux 1

github 1

redhatcve 1

packetstorm 1

ubuntucve 1

nvd 1

prion 1

gitlab 1

exploitdb 1

openvas

Debian: Security Advisory (DLA-2453-1)

2020-11-17 00:00:00

Debian: Security Advisory (DLA-2455-1)

2020-11-19 00:00:00

Debian: Security Advisory (DLA-2402-1)

2020-10-08 00:00:00

debian

[SECURITY] [DLA 2455-1] packer security update

2020-11-18 21:02:24

[SECURITY] [DLA 2453-1] restic security update

2020-11-16 21:49:41

[SECURITY] [DLA 3455-1] golang-go.crypto security update

2023-06-16 21:31:09

exploitpack

Go SSH servers 0.0.2 - Denial of Service (PoC)

2020-02-24 00:00:00

nessus

Debian DLA-2455-1 : packer security update

2020-11-19 00:00:00

Debian DLA-2453-1 : restic security update

2020-11-17 00:00:00

Debian DLA-2402-1 : golang-go.crypto security update

2020-10-08 00:00:00

debiancve

CVE-2020-9283

2020-02-20 20:15:10

cvelist

CVE-2020-9283

2020-02-20 00:00:00

redhat

(RHSA-2020:2789) Low: OpenShift Container Platform 4.4.11 ose-baremetal-operator-container security update

2020-07-06 20:25:04

(RHSA-2020:3414) Low: OpenShift Container Platform 4.5.5 security update

2020-08-12 04:43:08

(RHSA-2020:2878) Low: OpenShift Container Platform 4.4.12 ose-cloud-credential-operator-container security update

2020-07-14 01:16:05

ibm

Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D

2021-05-03 15:17:07

Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Standard

2023-02-14 21:14:53

Security Bulletin: A vulnerability exists in golang x/crypto (CVE-2020-9283) which is consumed by IBM CICS TX Advanced

2023-02-14 21:04:36

cgr

CVE-2020-9283 vulnerabilities

2024-05-19 03:07:16

osv

restic - security update

2020-11-17 00:00:00

packer - security update

2020-11-19 00:00:00

Improper Verification of Cryptographic Signature in golang.org/x/crypto

2021-05-18 15:29:31

veracode

Signature Verification With Malformed Public Keys

2020-02-21 05:23:31

zdt

Go SSH servers 0.0.2 - Denial of Service Exploit

2020-02-24 00:00:00

hackerone

Sifchain: SSH server due to Improper Signature Verification

2021-08-06 17:07:57

wolfi

CVE-2020-9283 vulnerabilities

2024-07-05 21:08:40

checkpoint_advisories

Google Golang Crypto Denial of Service (CVE-2020-9283)

2020-10-25 00:00:00

cve

CVE-2020-9283

2020-02-20 20:15:10

githubexploit

Exploit for Improper Verification of Cryptographic Signature in Golang Package Ssh

2020-06-02 10:55:37

archlinux

[ASA-202003-4] golang-golang-x-crypto: denial of service

2020-03-08 00:00:00

github

Improper Verification of Cryptographic Signature in golang.org/x/crypto

2021-05-18 15:29:31

redhatcve

CVE-2020-9283

2021-08-15 06:09:30

packetstorm

Go SSH 0.0.2 Denial Of Service

2020-02-23 00:00:00

ubuntucve

CVE-2020-9283

2020-02-20 00:00:00

nvd

CVE-2020-9283

2020-02-20 20:15:10

prion

Code injection

2020-02-20 20:15:00

gitlab

Improper Verification of Cryptographic Signature

2020-02-20 00:00:00

exploitdb

Go SSH servers 0.0.2 - Denial of Service (PoC)

2020-02-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.244 Low

EPSS

Percentile

96.6%

JSON

Related for OSV:GO-2020-0012