[security] Vulnerability in golang.org/x/crypto/ssh

674 views
Skip to first unread message

Roland Shoemaker

unread,
Dec 2, 2021, 2:51:58 PM12/2/21
to golan...@googlegroups.com
Hello gophers,

Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.

This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue #49932.

Roland on behalf of the Go team
Reply all
Reply to author
Forward
0 new messages