CVE search results

21 – 28 of 28 results

Detailed view

Sort by:

CVE-2021-43565

Medium priority

Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	—	—	Not affected	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-27191

Medium priority

Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	—	Not in release	Not affected	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-23806

Medium priority

Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	—	—	Not affected	Needs evaluation
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-29652

Medium priority

Some fixes available 11 of 20

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

4 affected packages

golang-go.crypto, kubernetes, snapd, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Fixed	Fixed	Fixed	Vulnerable	Not affected
kubernetes	Not in release	Not affected	Not affected	Not affected	Not in release
snapd	Not affected	Not affected	Not affected	Not affected	Not affected
lxd	—	—	—	Not affected	Not affected

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...

4 affected packages

golang-go.crypto, lxd, mongo-tools, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Not affected	Vulnerable
lxd	—	—	—	Not affected	Not affected
mongo-tools	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-11841

Medium priority

Vulnerable

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed...

2 affected packages

golang-go.crypto, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Not affected	Vulnerable
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-11840

Medium priority

Vulnerable

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...

3 affected packages

golang-go.crypto, lxd, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Not affected	Vulnerable
lxd	—	—	—	Not affected	Not affected
snapd	Ignored	Ignored	Ignored	Ignored	Ignored

CVE-2017-3204

Low priority

Vulnerable

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

3 affected packages

golang-go.crypto, ubuntu-snappy, snapd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Not affected	Not affected
ubuntu-snappy	Not in release	Not in release	Not in release	Not in release	Not in release
snapd	Ignored	Ignored	Ignored	Ignored	Ignored

Export to JSON

Results by page:

Search CVE reports

CVE-2021-43565

CVE-2022-27191

CVE-2022-23806

CVE-2020-29652

CVE-2020-9283

CVE-2019-11841

CVE-2019-11840

CVE-2017-3204