packages:
  - module: golang.org/x/crypto
    package: golang.org/x/crypto/ssh
    symbols:
      - connection.serverAuthenticate
    versions:
      - fixed: 0.0.0-20201216223049-8b5274cf687f
description: |
    Clients can cause a panic in SSH servers. An attacker can craft
    an authentication request message for the “gssapi-with-mic” method
    which will cause NewServerConn to panic via a nil pointer dereference
    if ServerConfig.GSSAPIWithMICConfig is nil.
published: 2022-02-17T17:35:32Z
cves:
  - CVE-2020-29652
credit: Joern Schneeweisz, GitLab Security Research Team
links:
    pr: https://go.dev/cl/278852
    commit: https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8
    context:
      - https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1