Fluid Attacks Database

Description

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	golang.org/x/crypto	>=0 <0.52.0	0.52.0
debian 13	golang-go.crypto	=1:0.25.0-1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 11	golang-go.crypto	=1:0.0~git20201221.eec23a3-1 \|\| =1:0.0~git20210817.32db794-1 \|\| =1:0.0~git20211202.5770296-1 \|\| =1:0.0~git20220315.3147a52-1 \|\| =1:0.0~git20220829.c86fa9a-1 \|\| =1:0.0~git20220829.c86fa9a-1~bpo11+1 \|\| =1:0.1.0-1 \|\| =1:0.10.0-1 \|\| =1:0.12.0-1 \|\| =1:0.13.0-1 \|\| =1:0.14.0-1 \|\| =1:0.16.0-1 \|\| =1:0.17.0-1 \|\| =1:0.18.0-1 \|\| =1:0.19.0-1 \|\| =1:0.21.0-1 \|\| =1:0.22.0-1 \|\| =1:0.23.0-1 \|\| =1:0.24.0-1 \|\| =1:0.24.0-2 \|\| =1:0.25.0-1 \|\| =1:0.25.0-1~bpo12+1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.4.0-1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 12	golang-go.crypto	=1:0.10.0-1 \|\| =1:0.12.0-1 \|\| =1:0.13.0-1 \|\| =1:0.14.0-1 \|\| =1:0.16.0-1 \|\| =1:0.17.0-1 \|\| =1:0.18.0-1 \|\| =1:0.19.0-1 \|\| =1:0.21.0-1 \|\| =1:0.22.0-1 \|\| =1:0.23.0-1 \|\| =1:0.24.0-1 \|\| =1:0.24.0-2 \|\| =1:0.25.0-1 \|\| =1:0.25.0-1~bpo12+1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.4.0-1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| =1:0.52.0-1	-
debian 14	golang-go.crypto	=1:0.25.0-1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1 \|\| >=0 <1:0.52.0-1	1:0.52.0-1

Aliases

1. CVE-2026-465952. NVD-2026-465953. OSV-GO-2026-50234. OSV-2026-465955. OSV-DEBIAN-2026-465956. GCVE-2026-465957. SECURITY-TRACKER-CVE-2026-46595

References

1. https://go.dev/issue/795702. https://groups.google.com/g/golang-announce/c/a082jnz-LvI3. https://go.dev/cl/781642

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.