CVE-2021-43565
Aliases:GHSA-gwc9-m7rh-j2wwGO-2022-0968
Advisory lineage Upstream: 0 Downstream: 17
Modified
Published: 06 Sept 2022, 17:03
Last modified:04 Aug 2024, 04:03
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Sept 2022, 17:03
Published
Vulnerability first disclosed
04 Aug 2024, 04:03
Last Modified
Vulnerability information updated
Description
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.03%• Percentile: 8%
Affected Systems
- golang.org/x•crypto
< 0.0.0-20211202192323-5770296d904e
- golang•ssh
< 0.0.0-20211202192323-5770296d904e
References (8)
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
- https://nvd.nist.gov/vuln/detail/CVE-2021-43565
- https://go.dev/cl/368814
- https://go.dev/issues/49932
- https://groups.google.com/forum/#!forum/golang-announce
- https://pkg.go.dev/vuln/GO-2022-0968
- https://go.dev/cl/368814/