| commit | f91f7a7c31bf90b39c1de895ad116a2bacc88748 | [log] [tgz] |
|---|---|---|
| author | Neal Patel <nealpatel@google.com> | Wed Sep 10 14:27:42 2025 -0400 |
| committer | Gopher Robot <gobot@golang.org> | Wed Nov 19 11:28:34 2025 -0800 |
| tree | 814863f3118dff7cd50a6494cdfad81a85d6a709 | |
| parent | 2df4153a0311bdfea44376e0eb6ef2faefb0275b [diff] |
ssh/agent: prevent panic on malformed constraint An attacker could supply a malformed Constraint that would trigger a panic in a serving agent, effectively causing denial of service. Thank you to Jakub Ciolek for reporting this issue. Fixes CVE-2025-47914 Fixes golang/go#76364 Change-Id: I195bbc68b1560d4f04897722a6a653a7cbf086eb Reviewed-on: https://go-review.googlesource.com/c/crypto/+/721960 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
This repository holds supplementary Go cryptography packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/crypto.
The main issue tracker for the crypto repository is located at https://go.dev/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.
Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.