CVE-2020-9283 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-9283 PUBLISHED

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

EPSS 18.68% · 95.2th percentile

Risk Scores

EPSS Score

18.68%

95.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	golang-go.crypto	0, 1:0.0~git20170629.0.5ef0053-1ubuntu1, 1:0.0~git20170629.0.5ef0053-1ubuntu2
Ubuntu:Pro:16.04:LTS	golang-go.crypto	1:0.0~git20151201.0.7b85b09-2ubuntu0.1~esm1, 0, 1:0.0~git20150608-1
Ubuntu:18.04:LTS	mongo-tools	3.4.14-1, 3.6.3-0ubuntu1, 3.2.11-1ubuntu1
Ubuntu:20.04:LTS	mongo-tools	0, 3.6.3-0ubuntu1

Timeline

CVE Published
Feb 24, 2020 PoC Published
Apr 14, 2021 EPSS Score
Aug 30, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 23, 2023 EPSS Score
May 9, 2023 EPSS Score
Jun 8, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 20, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-9283 third-party-advisory
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html third-party-advisory
https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-9283 third-party-advisory
Multiples vulnérabilités dans les produits Palo Alto Networks advisory

Open in Interactive Console →