CVE-2021-43565: Improper Input Validation in X Crypto

Severity
7.5 HIGH (NVD)
EPSS
0.0%
top 96.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 6
Latest update: Sep 13

Description

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Go: golang.org/x_crypto < 0.0.0-20211202192323-5770296d904e
NVD: golang/ssh < 0.0.0-20211202192323-5770296d904e

🔴 Vulnerability Details (5)

OSV: Panic on malformed packets in golang.org/x/crypto/ssh (2022-09-13)
OSV: x/crypto/ssh vulnerable to panic via malformed packets (2022-09-07)
GHSA: x/crypto/ssh vulnerable to panic via malformed packets (2022-09-07)
OSV: CVE-2021-43565: The x/crypto/ssh package before 0 (2022-09-06)
CVEList: CVE-2021-43565: The x/crypto/ssh package before 0 (2022-09-06)

📋 Vendor Advisories (3)

Microsoft: The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. (2022-09-13)
Red Hat: golang.org/x/crypto: empty plaintext packet causes panic (2021-12-02)
Debian: CVE-2021-43565: golang-go.crypto - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/... (2021)