| Copyright 2023 The Go Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style |
| license that can be found in the LICENSE file. |
| |
| Expected output of TestCVE5ToReport/CVE-2020-9283. |
| |
| -- CVE-2020-9283 -- |
| id: PLACEHOLDER-ID |
| modules: |
| - module: golang.org/x/crypto |
| packages: |
| - package: golang.org/x/crypto |
| description: | |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. |
| cves: |
| - CVE-2020-9283 |
| references: |
| - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY |
| - web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html |
| - web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html |