Fluid Attacks Database

Description

golang.org/x/crypto/ssh Denial of service via crafted Signer The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	golang-go.crypto	>=0 <1:0.0~git20220315.3147a52-1	1:0.0~git20220315.3147a52-1
debian 11	golang-go.crypto	=1:0.0~git20201221.eec23a3-1 \|\| =1:0.0~git20210817.32db794-1 \|\| =1:0.0~git20211202.5770296-1 \|\| =1:0.0~git20220315.3147a52-1 \|\| =1:0.0~git20220829.c86fa9a-1 \|\| =1:0.0~git20220829.c86fa9a-1~bpo11+1 \|\| =1:0.1.0-1 \|\| =1:0.10.0-1 \|\| =1:0.12.0-1 \|\| =1:0.13.0-1 \|\| =1:0.14.0-1 \|\| =1:0.16.0-1 \|\| =1:0.17.0-1 \|\| =1:0.18.0-1 \|\| =1:0.19.0-1 \|\| =1:0.21.0-1 \|\| =1:0.22.0-1 \|\| =1:0.23.0-1 \|\| =1:0.24.0-1 \|\| =1:0.24.0-2 \|\| =1:0.25.0-1 \|\| =1:0.25.0-1~bpo12+1 \|\| =1:0.33.0-1~exp1 \|\| =1:0.36.0-1~exp1 \|\| =1:0.4.0-1 \|\| =1:0.41.0-1~exp1 \|\| =1:0.42.0-1 \|\| =1:0.42.0-1~exp1 \|\| =1:0.42.0-2 \|\| =1:0.42.0-3 \|\| =1:0.42.0-4 \|\| =1:0.43.0-1 \|\| =1:0.43.0-2 \|\| =1:0.45.0-1 \|\| =1:0.46.0-1 \|\| =1:0.47.0-1 \|\| =1:0.50.0-1	-
debian 13	golang-go.crypto	>=0 <1:0.0~git20220315.3147a52-1	1:0.0~git20220315.3147a52-1
go	golang.org/x/crypto	>=0 <0.0.0-20220314234659-1baeb1ce4c0b	0.0.0-20220314234659-1baeb1ce4c0b
go	golang.org/x/crypto/ssh	>=0 <=0.0.0-20220214200702-86341886e292	0.0.0-20220315160706-3147a52a75dd
debian 14	golang-go.crypto	>=0 <1:0.0~git20220315.3147a52-1	1:0.0~git20220315.3147a52-1
rpm rhel9	buildah	<1:1.27.0-2.el9	1:1.27.0-2.el9
rpm rhel9	podman	<2:4.2.0-3.el9	2:4.2.0-3.el9

Aliases

1. CVE-2022-271912. NVD-2022-271913. OSV-DEBIAN-2022-271914. OSV-2022-271915. GHSA-8c26-wmh5-6g9v6. GCVE-2022-271917. SECURITY-TRACKER-CVE-2022-27191

References