CVE-2020-9283 log

Severity Medium
Remote Yes
Type Denial of service
A security issue has been found in before v0.0.0-20200220183623-bac4c82f6975. An attacker can craft an ssh-ed25519 or public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any server with a PublicKeyCallback, and servers can deliver them to any client.
Group Package Affected Fixed Severity Status Ticket
AVG-1109 golang-golang-x-crypto 0.0.20191228-1 0.0.20200303-1 Medium Fixed
Date Advisory Group Package Severity Type
08 Mar 2020 ASA-202003-4 AVG-1109 golang-golang-x-crypto Medium denial of service