| Copyright 2024 The Go Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style |
| license that can be found in the LICENSE file. |
| |
| Expected output of TestCVEToReport/CVE-2020-9283. |
| |
| -- CVE-2020-9283 -- |
| id: GO-ID-PENDING |
| modules: |
| - module: golang.org/x/crypto |
| vulnerable_at: 0.22.0 |
| packages: |
| - package: n/a |
| summary: CVE-2020-9283 in golang.org/x/crypto |
| description: |- |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a |
| panic during signature verification in the golang.org/x/crypto/ssh package. A |
| client can attack an SSH server that accepts public keys. Also, a server can |
| attack any SSH client. |
| cves: |
| - CVE-2020-9283 |
| references: |
| - web: https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY |
| - web: http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html |
| - web: https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html |
| - web: https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html |
| source: |
| id: CVE-2020-9283 |