CVE-2020-9283 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue has been found in golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975. An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1109	golang-golang-x-crypto	0.0.20191228-1	0.0.20200303-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
08 Mar 2020	ASA-202003-4	AVG-1109	golang-golang-x-crypto	Medium	denial of service

References
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY https://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html

References

https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
https://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html