CVE-2022-27191

Name
CVE-2022-27191
Description
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://groups.google.com/g/golang-announce/c/-cp44ypCT5s
MISC https://groups.google.com/g/golang-announce
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
Third Party Advisory https://security.netapp.com/advisory/ntap-20220429-0002/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= None <= 1.16.15
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= 1.17.0 <= 1.17.8
cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:* ssh >= None < 0.0.0-20220314234659-1baeb1ce4c0b

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
go edge-community 1.17.8-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.17.7-r0 None fixed
go edge-community 1.17.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.17.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.17.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.17.1-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.16.7-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.16.5-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.16.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
go edge-community 1.16.2-r0 None fixed
go edge-community 1.15.7-r0 None fixed
go edge-community 1.15.5-r0 None fixed
go edge-community 1.15.2-r0 None fixed
go edge-community 1.15-r0 None fixed
go edge-community 1.14.5-r0 None fixed
go edge-community 1.13.7-r0 None fixed
go edge-community 1.13.2-r0 None fixed
go edge-community 1.13.1-r0 None fixed
go edge-community 1.12.8-r0 None fixed
go edge-community 1.11.5-r0 None fixed
go edge-community 1.9.4-r0 None fixed
go 3.22-community 1.17.8-r0 None fixed
go 3.22-community 1.17.7-r0 None fixed
go 3.22-community 1.17.6-r0 None fixed
go 3.22-community 1.17.3-r0 None fixed
go 3.22-community 1.17.2-r0 None fixed
go 3.22-community 1.17.1-r0 None fixed
go 3.22-community 1.16.7-r0 None fixed
go 3.22-community 1.16.6-r0 None fixed
go 3.22-community 1.16.5-r0 None fixed
go 3.22-community 1.16.4-r0 None fixed
go 3.22-community 1.16.2-r0 None fixed
go 3.22-community 1.15.7-r0 None fixed
go 3.22-community 1.15.5-r0 None fixed
go 3.22-community 1.15.2-r0 None fixed
go 3.22-community 1.15-r0 None fixed
go 3.22-community 1.14.5-r0 None fixed
go 3.22-community 1.13.7-r0 None fixed
go 3.22-community 1.13.2-r0 None fixed
go 3.22-community 1.13.1-r0 None fixed
go 3.22-community 1.12.8-r0 None fixed
go 3.22-community 1.11.5-r0 None fixed
go 3.22-community 1.9.4-r0 None fixed
git-lfs edge-community 3.1.2-r4 Jakub Jirutka <jakub@jirutka.cz> fixed
git-lfs 3.22-community 3.1.2-r4 None fixed
git-lfs 3.21-community 3.1.2-r4 None fixed
git-lfs 3.20-community 3.1.2-r4 None fixed
git-lfs 3.19-community 3.1.2-r4 None fixed
git-lfs 3.18-community 3.1.2-r4 None fixed
git-lfs 3.17-community 3.1.2-r4 None fixed
coredns edge-community 1.9.3-r0 Mark Pashmfouroush <mark@markpash.me> fixed
coredns 3.22-community 1.9.3-r0 None fixed
coredns 3.21-community 1.9.3-r0 None fixed
coredns 3.20-community 1.9.3-r0 None fixed
coredns 3.19-community 1.9.3-r0 None fixed
coredns 3.18-community 1.9.3-r0 None fixed
coredns 3.17-community 1.9.3-r0 None fixed