CVE-2021-43565 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1511	golang-golang-x-crypto	0.0.20200303-2		Medium	Unknown	FS#70058

References
https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs/m/9LAF9FxvBwAJ https://github.com/golang/go/issues/49932 https://go-review.googlesource.com/c/crypto/+/368814/ https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083

References

https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs/m/9LAF9FxvBwAJ
https://github.com/golang/go/issues/49932
https://go-review.googlesource.com/c/crypto/+/368814/
https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083