CVE-2020-9283 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975. An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.
Group Package Affected Fixed Severity Status Ticket
AVG-1109 golang-golang-x-crypto 0.0.20191228-1 0.0.20200303-1 Medium Fixed
Date Advisory Group Package Severity Description
08 Mar 2020 ASA-202003-4 AVG-1109 golang-golang-x-crypto Medium denial of service
References
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
https://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html