Search CVE reports
Some fixes available 10 of 19
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
4 affected packages
golang-go.crypto, kubernetes, snapd, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Fixed | Fixed | Vulnerable | Not affected |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| snapd | Not affected | Not affected | Not affected | Not affected |
| lxd | — | — | Not affected | Not affected |
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...
4 affected packages
golang-go.crypto, lxd, mongo-tools, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable |
| lxd | — | — | Not affected | Not affected |
| mongo-tools | Not in release | Not in release | Needs evaluation | Needs evaluation |
| snapd | Not affected | Not affected | Not affected | Not affected |
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed...
2 affected packages
golang-go.crypto, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable |
| snapd | Not affected | Not affected | Not affected | Not affected |
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...
3 affected packages
golang-go.crypto, lxd, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable |
| lxd | — | — | Not affected | Not affected |
| snapd | Ignored | Ignored | Ignored | Ignored |
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
3 affected packages
golang-go.crypto, ubuntu-snappy, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Not affected |
| ubuntu-snappy | Not in release | Not in release | Not in release | Not in release |
| snapd | Ignored | Ignored | Ignored | Ignored |