golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
Overview
ID: GHSA-3vm4-22fp-5rfm
Aliases: CVE-2020-29652, GO-2021-0227
Affected package
Description
A nil pointer dereference in the `golang.org/x/crypto/ssh` component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the `gssapi-with-mic` method which will cause `NewServerConn` to panic via a nil pointer dereference if `ServerConfig.GSSAPIWithMICConfig` is nil.
Impact
Severity: 7.5 HIGH (latest version of the CVSS score reported by the source of the advisory)
Summary
Total packages affected: 48.92k (packages with at least one version that is affected by the advisory or has an affected dependency)
Packages with a known fix: 7.33k (packages with versions affected by the advisory that have a greater version that is not affected)
Total ecosystem affected: 3.71% (the proportion of packages in the ecosystem that are affected by the advisory, fixed or not)
Affected Version: Introduced: 0, Fixed: 0.0.0-20201216223049-8b5274cf687f
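A dependency check for the affected range above, as an added example (not code from the advisory or from the Go project): it finds the `golang.org/x/crypto` requirement in a go.mod and compares its pseudo-version timestamp with the fixed version. The sample go.mod and the function names are constructed for illustration; `replace` directives and the build's final version selection are not considered, and a match says nothing about whether a server leaves `ServerConfig.GSSAPIWithMICConfig` nil.

```go
package main

import (
	"fmt"
	"strings"
)

// First fixed version from the advisory, with the "v" prefix go.mod uses.
const fixedVersion = "v0.0.0-20201216223049-8b5274cf687f"

// Constructed sample go.mod; the module name and other dependency are made up.
const sampleGoMod = `module example.com/sshd
require (
	github.com/pkg/errors v0.9.1
	golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c // indirect
)
`

// findVersion returns the version go.mod requires for golang.org/x/crypto.
func findVersion(goMod string) (string, bool) {
	for _, line := range strings.Split(goMod, "\n") {
		line = strings.TrimPrefix(strings.TrimSpace(line), "require ")
		if f := strings.Fields(line); len(f) >= 2 && f[0] == "golang.org/x/crypto" {
			return f[1], true
		}
	}
	return "", false
}

// pseudoTimestamp extracts the commit time from v0.0.0-<yyyymmddhhmmss>-<hash>.
func pseudoTimestamp(v string) (string, bool) {
	p := strings.Split(v, "-")
	if len(p) != 3 || p[0] != "v0.0.0" || len(p[1]) != 14 {
		return "", false
	}
	return p[1], true
}

// affected: only v0.0.0-<time>-<hash> can sort below the fix; tags sort above it.
func affected(v string) bool {
	ts, ok := pseudoTimestamp(v)
	fixedTS, _ := pseudoTimestamp(fixedVersion)
	return ok && ts < fixedTS
}

func main() {
	v, _ := findVersion(sampleGoMod)
	fmt.Println(v, "affected:", affected(v))
}
```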