CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Configurations

Configuration 1

cpe:2.3:a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2020-02-20 08:15

Updated : 2022-01-01 07:40


NVD link : CVE-2020-9283

Mitre link : CVE-2020-9283

Products Affected
No products.
CWE
CWE-347

Improper Verification of Cryptographic Signature