Your submission was sent successfully! Close

CVE-2021-43565

Published: 6 December 2021

[x/crypto/ssh: empty plaintext packet causes panic]

Priority

Medium

Status

Package Release Status
golang-go.crypto
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

lxd
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code-not-present)
focal Not vulnerable
(code-not-present)
hirsute Not vulnerable
(code-not-present)
impish Not vulnerable
(code-not-present)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code-not-present)
snapd
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code-not-present)
focal Not vulnerable
(code-not-present)
hirsute Not vulnerable
(code-not-present)
impish Not vulnerable
(code-not-present)
jammy Not vulnerable
(code-not-present)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code-not-present)

Notes

AuthorNote
jdstrand
snapd contains an embedded copy of golang-go.crypto
lxd in 18.04 LTS and earlier contains an embedded copy of
golang-go.crypto
mdeslaur
snapd and lxd only use the terminal sub-package, not the ssh
part of golang-go.crypto, so they are not vulnerable

References

Bugs