CVE-2021-43565
Published: 6 September 2022
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
Notes
| Author | Note |
|---|---|
| jdstrand | snapd contains an embedded copy of golang-go.crypto lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto |
| mdeslaur | snapd and lxd only use the terminal sub-package, not the ssh part of golang-go.crypto, so they are not vulnerable |
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
golang-go.crypto Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 |
||
|
lxd Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-present)
|
| focal |
Not vulnerable
(code-not-present)
|
|
| hirsute |
Not vulnerable
(code-not-present)
|
|
| impish |
Not vulnerable
(code-not-present)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-present)
|
|
|
snapd Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-present)
|
| focal |
Not vulnerable
(code-not-present)
|
|
| hirsute |
Not vulnerable
(code-not-present)
|
|
| impish |
Not vulnerable
(code-not-present)
|
|
| jammy |
Not vulnerable
(code-not-present)
|
|
| kinetic |
Not vulnerable
(code-not-present)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-present)
|
|