golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

Overview

Source
ID: GHSA-3vm4-22fp-5rfm
Aliases: CVE-2020-29652, GO-2021-0227
Affected package

Description

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the `gssapi-with-mic` method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.
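To check whether a module still requires a vulnerable golang.org/x/crypto, the version in go.mod can be compared against the fixed version this advisory lists (0.0.0-20201216223049-8b5274cf687f). The Go program below is an added example, not part of the advisory or of the x/crypto project; the function names and the sample go.mod are constructed for illustration, and it assumes the module appears in a require directive (replace directives are not evaluated).

```go
package main

import (
	"fmt"
	"strings"
)

const (
	modulePath = "golang.org/x/crypto"
	// Prerelease part of the fixed version listed in this advisory.
	fixedPseudo = "20201216223049-8b5274cf687f"
)

// Affected reports whether a golang.org/x/crypto version sorts before
// the fixed version v0.0.0-20201216223049-8b5274cf687f.
func Affected(version string) bool {
	core, pre, hasPre := strings.Cut(strings.TrimPrefix(version, "v"), "-")
	if core != "0.0.0" || !hasPre {
		return false // anything above the v0.0.0 pseudo-versions sorts after the fix
	}
	// A v0.0.0 pseudo-version starts with a fixed-width UTC commit
	// timestamp, so string comparison orders it by commit time.
	return pre < fixedPseudo
}

// RequiredVersion returns the golang.org/x/crypto version required by the
// given go.mod text, or "" if the module is not listed (hypothetical helper).
func RequiredVersion(goMod string) string {
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) == 2 && f[0] == modulePath {
			return f[1]
		}
	}
	return ""
}

// Constructed sample go.mod pinning the last affected version named in the description.
const sampleGoMod = "module example.com/sshd\n\nrequire (\n\tgolang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c // indirect\n)\n"

func main() {
	v := RequiredVersion(sampleGoMod)
	fmt.Printf("%s %s affected=%v\n", modulePath, v, Affected(v))
}
```

go.mod records a minimum requirement, so the version actually built can be higher; `go list -m golang.org/x/crypto` reports the selected version, which can be passed to `Affected` directly.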

Summary

Total packages affected: 48.92k
Packages with at least one version that is affected by the advisory or has an affected dependency.
Packages with a known fix: 7.33k
Packages with versions affected by the advisory that have a greater version that is not affected.
Total ecosystem affected: 3.71%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.0.0-20201216223049-8b5274cf687f
Patched/Unaffected
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.30.0
v0.31.0
v0.32.0
Affected