Lucene search
GoogleOSV:GO-2021-0356HistoryApr 25, 2022 - 8:38 p.m.
Denial of service via crafted Signer in golang.org/x/crypto/ssh
2022-04-2520:38:40
Google
osv.dev
16
0.003 Low
EPSS
Percentile
65.4%
Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that
- the Signer passed to AddHostKey does not implement AlgorithmSigner, and
- the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method.
Servers that only use Signer implementations provided by the ssh package are unaffected.
| CPE | Name | Operator | Version |
|---|---|---|---|
| golang.org/x/crypto | lt | 0.0.0-20220314234659-1baeb1ce4c0b |
Related
fedora
fedora
[SECURITY] Fedora 35 Update: chisel-1.7.7-2.fc35
2022-04-28 05:53:35
[SECURITY] Fedora 35 Update: golang-github-prometheus-2.32.1-4.fc35
2022-04-28 05:53:37
[SECURITY] Fedora 35 Update: golang-storj-drpc-0.0.16-5.fc35
2022-04-28 05:53:39
cgr
cgr
CVE-2022-27191 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
ubuntucve
ubuntucve
CVE-2022-27191
2022-03-18 00:00:00
gitlab
gitlab
Use of a Broken or Risky Cryptographic Algorithm
2022-03-19 00:00:00
redhat
redhat
veracode
veracode
Denial Of Service (DoS)
2022-04-14 18:23:16
osv
osv
golang.org/x/crypto/ssh Denial of service via crafted Signer
2022-03-19 00:01:02
rocky
rocky
buildah security and bug fix update
2023-01-26 21:50:01
redhatcve
redhatcve
CVE-2022-27191
2022-03-16 12:16:43
prion
prion
Code injection
2022-03-18 07:15:00
alpinelinux
alpinelinux
CVE-2022-27191
2022-03-18 07:15:06
debiancve
debiancve
CVE-2022-27191
2022-03-18 07:15:06