CVE-2020-29652
Aliases: GHSA-3vm4-22fp-5rfm, GO-2021-0227
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 17 Dec 2020, 04:12
Last modified: 04 Aug 2024, 16:55
Vulnerability Summary
- Overall Risk (default): medium, 30/100
- CVSS Score: 7.5 HIGH, v3.1 (nvd)
- EPSS Score: 0.03% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 17 Dec 2020, 04:12 • Published: Vulnerability first disclosed
- 04 Aug 2024, 16:55 • Last Modified: Vulnerability information updated
Description
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
CVSS Metrics
- v3.1 • HIGH • Score: 7.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.03% • Percentile: 9%
Techniques & Countermeasures
- CWE-476 • NULL Pointer Dereference: The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- golang.org/x • crypto: < 0.0.0-20201216223049-8b5274cf687f
- golang • ssh: ≤ 0.0.0-20201203163018-be400aefbc4c
References (8)
- https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
- https://go-review.googlesource.com/c/crypto/+/278852
- https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-29652
- https://go.dev/cl/278852
- https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8
- https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E
- https://pkg.go.dev/vuln/GO-2021-0227