Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 883667 (CVE-2022-27191) - [Tracker] Denial of service in Go's crypto/ssh
Summary: [Tracker] Denial of service in Go's crypto/ssh
Status: CONFIRMED
Alias: CVE-2022-27191
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on: 883653 838232
Blocks:
  Show dependency tree
 
Reported: 2022-11-29 19:28 UTC by John Helmert III
Modified: 2022-11-29 20:13 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-29 19:28:09 UTC
CVE-2022-27191 (https://groups.google.com/g/golang-announce/c/-cp44ypCT5s):

golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.