CVE-2020-29652 - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be4

CVE-2020-29652

Summary

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

References

https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E

Vulnerable Configurations

cpe:2.3:a:golang:go:0.0.0-20201203163018-be400aefbc4c:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:0.0.0-20201203163018-be400aefbc4c:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 01-04-2022 - 15:44)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

https://go-review.googlesource.com/c/crypto/+/278852
https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1

Last major update

01-04-2022 - 15:44

Published

17-12-2020 - 05:15

Last modified

01-04-2022 - 15:44