VDB
RHSA-2025%3A17232
RHSA-2025%3A17232
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:b93a445bcbd2ae37ba4bf27acdddd2b897a8cdbd333dfba51aa874897fddaea8_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:b93a445bcbd2ae37ba4bf27acdddd2b897a8cdbd333dfba51aa874897fddaea8_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:301df75e8215dde0a657847b9d7fd2e4b9e898949d4abb3019601799f7627892_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-gcp-pd-csi-driver-rhel9@sha256:301df75e8215dde0a657847b9d7fd2e4b9e898949d4abb3019601799f7627892_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-openstack-cluster-api-controllers-rhel9@sha256:e76d2cd4645e778dd8b74b0458e231f47f63e71559af90878d4145eaf701e8b0_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/ose-azure-cluster-api-controllers-rhel9@sha256:3dc3c82bb9dfb516e428ec354c1dfb30b138e708c9cca7ce5da10640cfb17481_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-openshift-apiserver-rhel9-operator@sha256:ca2ea0d6f4b3c692248940d7c1313786110f8c3212f701f481c5c873c608a1b9_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/ose-must-gather-rhel9@sha256:d793b96758ac05b6f5dcf70d40b5e016d85f307bacb8e6895103d9d5ee48e777_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:a3379b456e512a8cd0e1da29332a7b1b0ef3ba87dbfc4b4f303ea11987035cb1_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:a3379b456e512a8cd0e1da29332a7b1b0ef3ba87dbfc4b4f303ea11987035cb1_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-console-rhel9-operator@sha256:f5c412641e5b8ee666120657b08baa5d722fe369dfff78d4220c5f3221ef8654_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-console-rhel9-operator@sha256:f5c412641e5b8ee666120657b08baa5d722fe369dfff78d4220c5f3221ef8654_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-machine-approver-rhel9@sha256:9a975c62a97e1dd3856abdaaea0354faea76390e497f9459f78dfc4a93ff12c8_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-machine-approver-rhel9@sha256:9a975c62a97e1dd3856abdaaea0354faea76390e497f9459f78dfc4a93ff12c8_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:7ee29f43e7ae71db89512122a6b731d03d7cb84a41c0618d9b85eeaa70221ee4_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:7ee29f43e7ae71db89512122a6b731d03d7cb84a41c0618d9b85eeaa70221ee4_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator@sha256:4a873de74c706de4b40acd9a3508c6a5b28915e0193f104ff5d1b7b37cdbaaba_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator@sha256:4a873de74c706de4b40acd9a3508c6a5b28915e0193f104ff5d1b7b37cdbaaba_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-machine-api-rhel9-operator@sha256:9b912b261041b6f1a55502a7b4ebeafda7159aa500ff89fca96865a11dfd2834_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-machine-api-rhel9-operator@sha256:9b912b261041b6f1a55502a7b4ebeafda7159aa500ff89fca96865a11dfd2834_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:d37c2352adb22f01cf9656408b301191d59e72548966e6fffd4f888c0ff4720d_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-monitoring-rhel9-operator@sha256:d37c2352adb22f01cf9656408b301191d59e72548966e6fffd4f888c0ff4720d_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-docker-builder-rhel9@sha256:1c993a6bfefeeac3947f3642a8e5bbbec826c49493825a868294cdbcd7219bf6_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/driver-toolkit-rhel9@sha256:0757aa5056c65c552e3736bc3fa360701fdd5563887091ef560ca3cbdaa03242_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/driver-toolkit-rhel9@sha256:0757aa5056c65c552e3736bc3fa360701fdd5563887091ef560ca3cbdaa03242_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel9@sha256:aa97845f471557eeb26412dd3e8323c2e2d346ffbb28030b8d4a833b8e4ba6c4_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel9@sha256:aa97845f471557eeb26412dd3e8323c2e2d346ffbb28030b8d4a833b8e4ba6c4_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-rhel9@sha256:864f7b2f6481b29782ddc27a6ede3d3c027df24a16eb1cae85580c94987a185a_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-prometheus-rhel9@sha256:864f7b2f6481b29782ddc27a6ede3d3c027df24a16eb1cae85580c94987a185a_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-kube-storage-version-migrator-rhel9@sha256:7d6a5be67817e3ef111a9c681e26897d22ade0744cc4ff2d1d17118ba2fd32e6_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-kube-storage-version-migrator-rhel9@sha256:7d6a5be67817e3ef111a9c681e26897d22ade0744cc4ff2d1d17118ba2fd32e6_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:56e49b27b72f6e307fc576a9528843f40feb069c1ff617309cffc3a2f861bcfb_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-baremetal-cluster-api-controllers-rhel9@sha256:56e49b27b72f6e307fc576a9528843f40feb069c1ff617309cffc3a2f861bcfb_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-baremetal-operator-rhel9@sha256:a23831561d1830e8c88eea51612c332c0888fbf34e613b8b2e19e086875f1f7a_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-cluster-baremetal-operator-rhel9@sha256:a23831561d1830e8c88eea51612c332c0888fbf34e613b8b2e19e086875f1f7a_ppc64le |
…and 1296 more
Timeline
- Oct 8, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:17232 advisory
- https://access.redhat.com/security/cve/CVE-2024-45337 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17232.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2331720 issue
- https://www.cve.org/CVERecord?id=CVE-2024-45337 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-45337 advisory
- https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 advisory
- https://go.dev/cl/635315 advisory
- https://go.dev/issue/70779 advisory
- https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ advisory
- https://pkg.go.dev/vuln/GO-2024-3321 advisory