| id: GO-2022-0968 |
| modules: |
| - module: golang.org/x/crypto |
| versions: |
| - fixed: 0.0.0-20211202192323-5770296d904e |
| vulnerable_at: 0.0.0-20211117183948-ae814b36b871 |
| packages: |
| - package: golang.org/x/crypto/ssh |
| symbols: |
| - gcmCipher.readCipherPacket |
| - chacha20Poly1305Cipher.readCipherPacket |
| derived_symbols: |
| - Dial |
| - NewClientConn |
| - NewServerConn |
| - curve25519sha256.Client |
| - curve25519sha256.Server |
| - dhGEXSHA.Client |
| - dhGEXSHA.Server |
| - dhGroup.Client |
| - dhGroup.Server |
| - ecdh.Client |
| - ecdh.Server |
| summary: Panic on malformed packets in golang.org/x/crypto/ssh |
| description: |- |
| Unauthenticated clients can cause a panic in SSH servers. |
| |
| When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which |
| contains an empty plaintext causes a panic. |
| published: 2022-09-13T03:32:38Z |
| cves: |
| - CVE-2021-43565 |
| ghsas: |
| - GHSA-gwc9-m7rh-j2ww |
| credits: |
| - Rod Hynes (Psiphon Inc) |
| references: |
| - web: https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs |
| - report: https://go.dev/issues/49932 |
| - fix: https://go.dev/cl/368814/ |
| review_status: REVIEWED |