CVE-2022-27191

Published: 18 March 2022

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Notes

Author     Note
jdstrand   snapd contains an embedded copy of golang-go.crypto
           lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto
mdeslaur   snapd and lxd only use the terminal sub-package, not the ssh part of golang-go.crypto, so they are not vulnerable

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: golang-go.crypto (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
impish     Ignored (reached end-of-life)
jammy      Needs triage
kinetic    Needs triage
trusty     Does not exist
upstream   Needs triage
xenial     Needs triage

Package: lxd (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code-not-present)
focal      Not vulnerable (code-not-present)
impish     Not vulnerable (code-not-present)
jammy      Does not exist
trusty     Does not exist
upstream   Needs triage
xenial     Not vulnerable (code-not-present)

Package: snapd (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code-not-present)
focal      Not vulnerable (code-not-present)
impish     Not vulnerable (code-not-present)
jammy      Not vulnerable (code-not-present)
kinetic    Not vulnerable (code-not-present)
trusty     Does not exist
upstream   Needs triage
xenial     Not vulnerable (code-not-present)