CVE-2022-27191
published 2022-03-18CVE-2022-27191: The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-go.crypto | < golang-go.crypto 1:0.0~git20220315.3147a52-1 (bookworm) | golang-go.crypto 1:0.0~git20220315.3147a52-1 (bookworm) |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| golang.org | x_crypto | >= 0 < 0.0.0-20220314234659-1baeb1ce4c0b | 0.0.0-20220314234659-1baeb1ce4c0b |
| golang | ssh | < 0.0.0-20220314234659-1baeb1ce4c0b | 0.0.0-20220314234659-1baeb1ce4c0b |
| redhat | advanced_cluster_management_for_kubernetes | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH