CVE-2021-43565

Published: 6 September 2022

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

Notes

Author    Note
jdstrand  snapd contains an embedded copy of golang-go.crypto
          lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto
mdeslaur  snapd and lxd only use the terminal sub-package, not the ssh part of golang-go.crypto, so they are not vulnerable
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
golang-go.crypto
Launchpad, Ubuntu, Debian
bionic    Needs triage
focal     Needs triage
hirsute   Ignored (reached end-of-life)
impish    Ignored (reached end-of-life)
jammy     Needs triage
kinetic   Needs triage
trusty    Does not exist
upstream  Needs triage
xenial    Needs triage

Patches:
upstream: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
lxd
Launchpad, Ubuntu, Debian
bionic    Not vulnerable (code-not-present)
focal     Not vulnerable (code-not-present)
hirsute   Not vulnerable (code-not-present)
impish    Not vulnerable (code-not-present)
trusty    Does not exist
upstream  Needs triage
xenial    Not vulnerable (code-not-present)

snapd
Launchpad, Ubuntu, Debian
bionic    Not vulnerable (code-not-present)
focal     Not vulnerable (code-not-present)
hirsute   Not vulnerable (code-not-present)
impish    Not vulnerable (code-not-present)
jammy     Not vulnerable (code-not-present)
kinetic   Not vulnerable (code-not-present)
trusty    Does not exist
upstream  Needs triage
xenial    Not vulnerable (code-not-present)