GHSA-gwc9-m7rh-j2ww

Source
https://github.com/advisories/GHSA-gwc9-m7rh-j2ww
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-gwc9-m7rh-j2ww/GHSA-gwc9-m7rh-j2ww.json
Aliases
Published
2022-09-07T00:01:52Z
Modified
2023-11-08T04:07:10.523681Z
Details

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.

References

Affected packages

Go / golang.org/x/crypto

Package

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.0.0-20211202192323-5770296d904e