CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22869 – Potential denial of service in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2025-22869
26 Feb 2025 — SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange. ... • https://go.dev/cl/652135 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 38%CPEs: 1EXPL: 3CVE-2024-45337 – Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2024-45337
11 Dec 2024 — Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to i... • https://github.com/NHAS/CVE-2024-45337-POC • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30636 – Limited directory traversal vulnerability on Windows in golang.org/x/crypto
https://notcve.org/view.php?id=CVE-2022-30636
02 Jul 2024 — httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. • https://go.dev/cl/408694 •
CVSS: 9.8EPSS: 79%CPEs: 79EXPL: 5CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 3CVE-2019-11841 – Go Cryptography Libraries Cleartext Message Spoofing
https://notcve.org/view.php?id=CVE-2019-11841
13 May 2019 — A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attac... • https://packetstorm.news/files/id/152840 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.9EPSS: 2%CPEs: 3EXPL: 0CVE-2019-11840 – golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter
https://notcve.org/view.php?id=CVE-2019-11840
09 May 2019 — An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can... • https://bugzilla.redhat.com/show_bug.cgi?id=1691529 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2017-3204
https://notcve.org/view.php?id=CVE-2017-3204
04 Apr 2017 — The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism. La librería Go SSH (x/crypto/ssh) por defecto no verifica las claves del host, facilitando ataques man-in-the-middle. El comportamiento predeterminado cambió en commit e4e2799 para requerir el registro explícito de un mecanismo de verificación de hostkey. • http://www.securityfocus.com/bid/97481 • CWE-310: Cryptographic Issues •