[security] Vulnerability in golang.org/x/crypto/ssh
960 views
Skip to first unread message
Roland Shoemaker
Dec 2, 2021, 2:51:58 PM12/2/21
to golan...@googlegroups.com
Hello gophers,
Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.
This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue #49932.
Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.
This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue #49932.
Roland on behalf of the Go team
Reply all
Reply to author
Forward
0 new messages