VDB

RHSA-2020%3A3372

RHSA-2020%3A3372 PUBLISHED CVSS 7.5 HIGH

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-service-mesh/3scale-istio-adapter-rhel8@sha256:fcae2ea5da6d94016b2502f277b1a7fd3e29d0357fc727fcd61963026d22e607_amd64 as a component of OpenShift Service Mesh 1.0*
Red Hatopenshift-service-mesh/3scale-istio-adapter-rhel8@sha256:fcae2ea5da6d94016b2502f277b1a7fd3e29d0357fc727fcd61963026d22e607_amd64 as a component of OpenShift Service Mesh 1.0openshift-service-mesh/3scale-istio-adapter-rhel8@sha256:fcae2ea5da6d94016b2502f277b1a7fd3e29d0357fc727fcd61963026d22e607_amd64, *

Exploit Intelligence

Timeline

  • Aug 6, 2020 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›