VDB

CVE-2017-3204

CVE-2017-3204 PUBLISHED

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

EPSS 0.45% · 64.2th percentile

Risk Scores

EPSS Score
0.45%
64.2th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSsnapd2.49.2+20.04, 0, 2.66.1+20.04
Ubuntu:Pro:18.04:LTSsnapd2.31.1+18.04, *, 2.28.5+17.10
Ubuntu:22.04:LTSsnapd2.57.5+22.04ubuntu0.1, 2.58+22.04, 2.61.3+22.04
Ubuntu:24.04:LTSsnapd2.71+ubuntu24.04, 2.62+24.04build1, 2.63+24.04
Ubuntu:Pro:16.04:LTSsnapd2.0.1, 2.54.3+16.04.0ubuntu0.1~esm6, 2.54.3+16.04.0ubuntu0.1~esm5
Ubuntu:25.10snapd2.73+ubuntu25.10, 2.68.5+ubuntu25.10.2, 2.67.1+25.04
Ubuntu:Pro:16.04:LTSgolang-go.crypto1:0.0~git20150608-1, 1:0.0~git20151201.0.7b85b09-2, 0

Timeline

  • Apr 4, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›