Panic on crafted authentication request message in golang.org/x/crypto/ssh
Overview
Source
ID: GO-2021-0227
Aliases: CVE-2020-29652, GHSA-3vm4-22fp-5rfm
Affected package
Description
Clients can cause a panic in SSH servers. An attacker can craft an authentication request message for the “gssapi-with-mic” method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.
Summary
Total packages affected: 48.92k
Packages with at least one version that is affected by the advisory or has an affected dependency.
Packages with a known fix: 7.33k
Packages with versions affected by the advisory that have a greater version that is not affected.
Total ecosystem affected: 3.71%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.0.0-20201216223049-8b5274cf687f
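A dependency check against the fixed version above, as an added example (not part of the advisory or of the Go project's code): it reads go.mod text and reports whether the required golang.org/x/crypto version predates the fix. The function names and the sample go.mod are constructed for illustration, and the comparison assumes plain vMAJOR.MINOR.PATCH tags or v0.0.0 pseudo-versions.

```go
package main

import (
	"fmt"
	"strings"
)

const (
	module  = "golang.org/x/crypto"                // module that contains the ssh package
	fixedAt = "v0.0.0-20201216223049-8b5274cf687f" // "Fixed" version from the advisory
)

// affected reports whether version v of the module predates the fix (assumed version forms only).
func affected(v string) bool {
	core, pre, isPre := strings.Cut(v, "-")
	if core != "v0.0.0" || !isPre {
		return false // any tagged release sorts after every v0.0.0 pseudo-version
	}
	_, fixedPre, _ := strings.Cut(fixedAt, "-")
	// Both start with a 14-digit UTC timestamp, so string order is commit-time order.
	return pre < fixedPre
}

// requiredVersion returns the version a go.mod text requires for the module, or "" if none.
// replace directives are not interpreted.
func requiredVersion(gomod string) string {
	block := "" // directive of the parenthesised block we are inside, if any
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case len(f) == 1 && f[0] == ")":
			block = ""
		case len(f) == 3 && f[0] == "require" && f[1] == module:
			return f[2]
		case len(f) == 2 && block == "require" && f[0] == module:
			return f[1]
		}
	}
	return ""
}

// Constructed sample go.mod (hypothetical module and commit hash, not from a real project).
const sampleGoMod = "module example.com/sshd\n\nrequire (\n\tgolang.org/x/crypto v0.0.0-20200101000000-0123456789ab // indirect\n)\n"

func main() {
	v := requiredVersion(sampleGoMod)
	fmt.Printf("%s %s affected=%v\n", module, v, affected(v))
}
```

The go.mod entry is only a minimum requirement; `go list -m golang.org/x/crypto` prints the version the build actually selects.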