CVE-2021-43565 log

Severity Medium
Remote Yes
Type Denial of service
Version v0.0.0-20211202192323-5770296d904e of fixes a vulnerability in the package which allowed unauthenticated clients to cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.
Group Package Affected Fixed Severity Status Ticket
AVG-1511 golang-golang-x-crypto 0.0.20200303-2 Medium Vulnerable FS#70058