CVE-2020-9283 — Vulnetix

CVE-2020-9283 PUBLISHED

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

EPSS 18.68% · 95.4th percentile

Risk Scores

EPSS Score

18.68%

95.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	golang-go.crypto	1:0.0~git20170629.0.5ef0053-2ubuntu0.1~esm1, *, 0
Ubuntu:Pro:16.04:LTS	golang-go.crypto	*, 0, 1:0.0~git20150608-1
Ubuntu:18.04:LTS	mongo-tools	0, 3.2.11-1, 3.4.14-1
Ubuntu:20.04:LTS	mongo-tools	0, 3.6.3-0ubuntu1

Exploit Intelligence

Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
Exploit for CVE-2020-9283 based on Go (github-poc)
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html (nist-nvd)

…and 5 more exploits

Timeline

CVE Published
Feb 24, 2020 PoC Published
Apr 14, 2021 EPSS Score
Aug 30, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 23, 2023 EPSS Score
May 9, 2023 EPSS Score
Jun 8, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 20, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-9283 third-party-advisory
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html third-party-advisory
https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-9283 third-party-advisory
Multiples vulnérabilités dans les produits Palo Alto Networks advisory

Open in Interactive Console →