CVE-2024-45337
published 2024-12-12CVE-2024-45337: Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an…
PriorityP262critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
3.09%
86.1th percentile
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connectio
Affected
72 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced-cluster-security | rhacs-main-rhel8 | — | — |
| assisted | agent-preinstall-image-builder-rhel9 | — | — |
| buildah_project | buildah | — | — |
| cert-manager | jetstack-cert-manager-rhel9 | — | — |
| compliance | openshift-security-profiles-rhel8-operator | — | — |
| confidential-containers | trustee | — | — |
| container-tools_rhel8 | buildah | — | — |
| container-tools_rhel8 | podman | — | — |
| cryostat | cryostat-storage-rhel9 | — | — |
| debian | golang-go.crypto | < golang-go.crypto 1:0.42.0-1 (forky) | golang-go.crypto 1:0.42.0-1 (forky) |
| devspaces | traefik-rhel9 | — | — |
| devworkspace | devworkspace-rhel9-operator | — | — |
| external-secrets-operator | external-secrets-rhel9 | — | — |
| go-toolset_rhel8 | golang | — | — |
| golang.org | x_crypto | >= 0 < 0.31.0 | 0.31.0 |
| golang.org | x_crypto_golang.org_x_crypto_ssh | < 0.52.0 | 0.52.0 |
| golang.org | x_crypto_ssh | >= 0 < 0.52.0 | 0.52.0 |
| golang | crypto | < 0.52.0 | 0.52.0 |
| kubernetes | cri-o | — | — |
| kubevirt | kubevirt | — | — |
| msrc | azl3_cert-manager_1.12.13-2 | — | — |
| msrc | azl3_cf-cli_8.7.11-3 | — | — |
| msrc | azl3_cf-cli_8.7.3-4 | — | — |
| msrc | azl3_docker-buildx_0.14.0-2 | — | — |
| msrc | azl3_docker-buildx_0.14.0-5 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect SSH clients sending multiple public keys during authentication (key A then key B) without proving control of the last key — a pattern indicative of CVE-2024-45337 exploitation attempts against vulnerable Go SSH servers using PublicKeyCallback. ↗
- →Flag Go SSH server applications using ServerConfig.PublicKeyCallback that store keys or derived information from the callback and make authorization decisions after connection establishment — these are the vulnerable code patterns for CVE-2024-45337. ↗
- →Monitor for SSH authentication sequences where the final key presented to PublicKeyCallback differs from the key actually used to complete authentication (e.g., connection authenticated via PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth after public key inquiry). ↗
- →Audit Go binaries and container images linking golang.org/x/crypto/ssh versions prior to v0.31.0 — the partial mitigation enforcing last-key consistency was introduced at that version. ↗
- ·The fix in golang.org/x/[email protected] is only a PARTIAL mitigation. If the SSH connection is ultimately authenticated via a non-public-key method (PasswordCallback, KeyboardInteractiveCallback, NoClientAuth), the last key passed to PublicKeyCallback may still not be the one the client controls, leaving the bypass possible. ↗
- ·Applications must use the Extensions field of the Permissions return value from authentication callbacks to record authentication-attempt data, and retrieve final state via ServerConn.Permissions — relying on external state shared across attempts is the root vulnerable pattern. ↗
- ·Some third-party libraries misuse the Permissions type by sharing it across authentication attempts; consumers of such libraries remain vulnerable even after upgrading golang.org/x/crypto and must consult those upstream projects separately. ↗
- ·RHEL 8/9 packages (Podman, Buildah, containers-common, gvisor-tap-vsock) are assessed NOT affected because those projects do not call ServerConfig.PublicKeyCallback; do not conflate package presence with exploitability. ↗
- ·A related follow-on vulnerability (CVE-2026-46595) was identified where, even after the CVE-2024-45337 fix, passing a non-public-key callback type causes source-address validation to be skipped entirely — environments that applied the v0.31.0 patch should also track this successor issue. ↗
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ghsa9.1CRITICAL
osv9.1CRITICAL
vendor_debian9.1CRITICAL
vendor_msrc9.1CRITICAL
vendor_redhat9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
vendor_redhat·2026-05-22·CVSS 9.1
CVE-2026-46595 [CRITICAL] CWE-303 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
A flaw was found in the `golang.org/x/crypto/ssh` component. This vulnerability allows a remote attacker to bypass source-address validation in certain SSH server configurations. By providing a callback type other than a public key, an attacker can circumvent security checks, potentially leading to unauthorized access.
Package: assisted/agent-preinstall-image-builder-rhel9 (Assisted Installer for Red Hat OpenShift Container Platform 2) - Under investigation
Package: o
Ubuntu
Google Guest Agent vulnerability
vendor_ubuntu·2025-11-03
CVE-2024-45337 Google Guest Agent vulnerability
Title: Google Guest Agent vulnerability
Summary: Google Guest Agent could allow unintended access to network services.
USN-7839-1 fixed vulnerabilities in Go Cryptography. This update provides
the corresponding update in the Go Cryptography module included in Google
Guest Agent.
Original advisory details:
Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier
discovered that Go Cryptography incorrectly handled public keys during SSH
operations. An attacker could possibly use this issue to bypass
authorization mechanisms.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Go Cryptography vulnerability
vendor_ubuntu·2025-10-23
CVE-2024-45337 Go Cryptography vulnerability
Title: Go Cryptography vulnerability
Summary: Go Cryptography could allow unintended access to network services.
Damien Tournoud, Patrick Dawkins, Vince Parker, and Jules Duvivier
discovered that Go Cryptography incorrectly handled public keys during SSH
operations. An attacker could possibly use this issue to bypass
authorization mechanisms.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
vendor_redhat·2024-12-11·CVSS 9.1
CVE-2024-45337 [CRITICAL] CWE-285 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some appl
Microsoft
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
vendor_msrc·2024-12-10·CVSS 9.1
CVE-2024-45337 [CRITICAL] Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Re
Debian
CVE-2024-45337: golang-go.crypto - Applications and libraries which misuse connection.serverAuthenticate (via callb...
vendor_debian·2024·CVSS 9.1
CVE-2024-45337 [CRITICAL] CVE-2024-45337: golang-go.crypto - Applications and libraries which misuse connection.serverAuthenticate (via callb...
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determin
GHSA
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
ghsa·2026-06-25·CVSS 9.1
CVE-2026-46595 [CRITICAL] CWE-863 golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
OSV
CVE-2024-45337: Applications and libraries which misuse connection
osv·2024-12-12·CVSS 9.1
CVE-2024-45337 [CRITICAL] CVE-2024-45337: Applications and libraries which misuse connection
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determin
GHSA
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
ghsa·2024-12-11
CVE-2024-45337 [CRITICAL] CWE-285 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.
The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (
OSV
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
osv·2024-12-11
CVE-2024-45337 Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass.
The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the
OSV
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
osv·2024-12-11
CVE-2024-45337 [CRITICAL] Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.
The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
bugzilla·2026-05-22·CVSS 9.1
CVE-2026-46595 [CRITICAL] CVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
CVE-2026-46595 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
Bugzilla
CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9]
bugzilla·2024-12-12·CVSS 9.1
CVE-2024-45337 [CRITICAL] CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9]
CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-9]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2331720
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8]
bugzilla·2024-12-12·CVSS 9.1
CVE-2024-45337 [CRITICAL] CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8]
CVE-2024-45337 caddy: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto [epel-8]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2331720
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
bugzilla·2024-12-11·CVSS 9.1
CVE-2024-45337 [CRITICAL] CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
CVE-2024-45337 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.
Discussion:
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9
Via RHSA-2025:0385 https://access.redhat.com/errata/RHSA-2025:0385
---
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9
Via RHSA-2025:0386 https://access.redhat.com/errata/RHSA-2025:0386
---
This issue has been addressed in the following products:
multicluster engine for Kubernetes 2.4 for RHEL 8
Via RHSA-202
https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909https://go.dev/cl/635315https://go.dev/issue/70779https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJhttps://pkg.go.dev/vuln/GO-2024-3321http://www.openwall.com/lists/oss-security/2024/12/11/2https://security.netapp.com/advisory/ntap-20250131-0007/
2024-12-12
Published