CVE-2021-43565

Source
Severity Medium
Remote Yes
Type Denial of service
Description
Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.
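The missing length check described above, as an added Go example rather than the golang.org/x/crypto source. Function and error names are hypothetical, the inputs are constructed, and the plaintext layout assumed is the RFC 4253 binary packet (padding-length byte, payload, padding).

```go
package main

import (
	"errors"
	"fmt"
)

// Plaintext after AEAD decryption (RFC 4253 section 6 layout):
// padding_length (1 byte) || payload || padding (at least 4 bytes).
var (
	errEmpty   = errors.New("empty plaintext: no padding-length byte")
	errPadding = errors.New("invalid padding length")
)

// payloadAssumingNonEmpty reads plain[0] without a length check, the
// assumption the advisory describes; empty input panics (index out of range).
func payloadAssumingNonEmpty(plain []byte) ([]byte, error) {
	padding := int(plain[0])
	if padding < 4 || padding+1 >= len(plain) {
		return nil, errPadding
	}
	return plain[1 : len(plain)-padding], nil
}

// payload rejects empty plaintext before touching plain[0].
func payload(plain []byte) ([]byte, error) {
	if len(plain) == 0 {
		return nil, errEmpty
	}
	return payloadAssumingNonEmpty(plain)
}

// panics reports whether f panicked, so the failure can be observed safely.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	empty := []byte{} // constructed input: zero-length decrypted plaintext
	fmt.Println("unchecked panics:", panics(func() { payloadAssumingNonEmpty(empty) }))
	_, err := payload(empty)
	fmt.Println("checked returns:", err)
	p, _ := payload([]byte{4, 'h', 'i', 0, 0, 0, 0}) // constructed valid packet
	fmt.Printf("valid payload: %q\n", p)
}
```

In a server, the error path closes one connection, while an unrecovered panic in a connection goroutine terminates the whole process.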
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1511 | golang-golang-x-crypto | 0.0.20200303-2 | | Medium | Vulnerable | FS#70058 |
References
https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs/m/9LAF9FxvBwAJ
https://github.com/golang/go/issues/49932
https://go-review.googlesource.com/c/crypto/+/368814/
https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083