CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Affected products
n/a · n/a
Public PoCs found: 3
github: github.com/brompwnie/CVE-2020-9283 (★ 5)
cve_reference: packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html (unverified)
exploitdb: www.exploit-db.com/exploits/48121 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
https://groups.google.com/forum/#%21topic/golang-announce/3L45YRc91SY
https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html