Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

Type deb

Namespace debian

Name golang-go.crypto

Version 1:0.0~git20201221.eec23a3-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1:0.25.0-1~bpo12+1

Latest_non_vulnerable_version 1:0.43.0-2

Affected_by_vulnerabilities

url VCID-1n1h-e2p4-9yhs

vulnerability_id VCID-1n1h-e2p4-9yhs

summary

golang.org/x/crypto/ssh Denial of service via crafted Signer
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27191

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.25276
published_at	2026-04-18T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25443
published_at	2026-04-02T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25318
published_at	2026-04-08T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.2525
published_at	2026-04-07T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25479
published_at	2026-04-04T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25286
published_at	2026-04-16T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.2528
published_at	2026-04-13T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25333
published_at	2026-04-12T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25374
published_at	2026-04-11T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25363
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27191

reference_url

https://cs.opensource.google/go/x/crypto

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cs.opensource.google/go/x/crypto

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/392355

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/392355

reference_url

https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d

reference_url

https://groups.google.com/g/golang-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce

reference_url

https://groups.google.com/g/golang-announce/c/-cp44ypCT5s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/-cp44ypCT5s

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-27191

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27191

reference_url

https://pkg.go.dev/vuln/GO-2021-0356

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0356

reference_url

https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml

reference_url

https://security.netapp.com/advisory/ntap-20220429-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220429-0002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064702
reference_id	2064702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064702

reference_url	https://access.redhat.com/errata/RHSA-2022:5068
reference_id	RHSA-2022:5068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5068

reference_url	https://access.redhat.com/errata/RHSA-2022:5069
reference_id	RHSA-2022:5069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5069

reference_url	https://access.redhat.com/errata/RHSA-2022:6527
reference_id	RHSA-2022:6527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6527

reference_url	https://access.redhat.com/errata/RHSA-2022:7401
reference_id	RHSA-2022:7401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7401

reference_url	https://access.redhat.com/errata/RHSA-2022:7457
reference_id	RHSA-2022:7457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7457

reference_url	https://access.redhat.com/errata/RHSA-2022:7469
reference_id	RHSA-2022:7469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7469

reference_url	https://access.redhat.com/errata/RHSA-2022:7954
reference_id	RHSA-2022:7954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7954

reference_url	https://access.redhat.com/errata/RHSA-2022:8634
reference_id	RHSA-2022:8634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8634

reference_url	https://access.redhat.com/errata/RHSA-2022:8893
reference_id	RHSA-2022:8893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8893

reference_url	https://access.redhat.com/errata/RHSA-2022:8932
reference_id	RHSA-2022:8932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8932

reference_url	https://access.redhat.com/errata/RHSA-2022:8938
reference_id	RHSA-2022:8938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8938

reference_url	https://access.redhat.com/errata/RHSA-2022:9096
reference_id	RHSA-2022:9096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9096

reference_url	https://access.redhat.com/errata/RHSA-2022:9107
reference_id	RHSA-2022:9107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9107

reference_url	https://access.redhat.com/errata/RHSA-2023:1325
reference_id	RHSA-2023:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1325

reference_url	https://access.redhat.com/errata/RHSA-2023:1326
reference_id	RHSA-2023:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1326

reference_url	https://access.redhat.com/errata/RHSA-2023:3366
reference_id	RHSA-2023:3366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3366

reference_url	https://access.redhat.com/errata/RHSA-2023:3943
reference_id	RHSA-2023:3943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3943

reference_url	https://access.redhat.com/errata/RHSA-2023:4488
reference_id	RHSA-2023:4488
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4488

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.4.0-1

purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1

aliases CVE-2022-27191, GHSA-8c26-wmh5-6g9v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1n1h-e2p4-9yhs

url VCID-cmts-6kz4-zkh8

vulnerability_id VCID-cmts-6kz4-zkh8

summary

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22869

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.44034
published_at	2026-04-04T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44011
published_at	2026-04-02T12:55:00Z

value	0.00523
scoring_system	epss
scoring_elements	0.66945
published_at	2026-04-11T12:55:00Z

value	0.00573
scoring_system	epss
scoring_elements	0.68686
published_at	2026-04-08T12:55:00Z

value	0.00573
scoring_system	epss
scoring_elements	0.68704
published_at	2026-04-09T12:55:00Z

value	0.00573
scoring_system	epss
scoring_elements	0.68635
published_at	2026-04-07T12:55:00Z

value	0.00591
scoring_system	epss
scoring_elements	0.69246
published_at	2026-04-16T12:55:00Z

value	0.00591
scoring_system	epss
scoring_elements	0.69254
published_at	2026-04-18T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.6969
published_at	2026-04-12T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69677
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/golang/crypto

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto

reference_url

https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22

reference_url

https://go.dev/cl/652135

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/

url

https://go.dev/cl/652135

reference_url

https://go.dev/issue/71931

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/

url

https://go.dev/issue/71931

reference_url

https://go-review.googlesource.com/c/crypto/+/652135

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go-review.googlesource.com/c/crypto/+/652135

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-22869

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-22869

reference_url

https://pkg.go.dev/vuln/GO-2025-3487

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/

url

https://pkg.go.dev/vuln/GO-2025-3487

reference_url

https://security.netapp.com/advisory/ntap-20250411-0010

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250411-0010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968
reference_id	1098968
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2348367
reference_id	2348367
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2348367

reference_url	https://access.redhat.com/errata/RHSA-2024:11037
reference_id	RHSA-2024:11037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11037

reference_url	https://access.redhat.com/errata/RHSA-2024:11038
reference_id	RHSA-2024:11038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11038

reference_url	https://access.redhat.com/errata/RHSA-2025:11396
reference_id	RHSA-2025:11396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11396

reference_url	https://access.redhat.com/errata/RHSA-2025:13848
reference_id	RHSA-2025:13848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13848

reference_url	https://access.redhat.com/errata/RHSA-2025:14048
reference_id	RHSA-2025:14048
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14048

reference_url	https://access.redhat.com/errata/RHSA-2025:14060
reference_id	RHSA-2025:14060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14060

reference_url	https://access.redhat.com/errata/RHSA-2025:14820
reference_id	RHSA-2025:14820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14820

reference_url	https://access.redhat.com/errata/RHSA-2025:14859
reference_id	RHSA-2025:14859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14859

reference_url	https://access.redhat.com/errata/RHSA-2025:16160
reference_id	RHSA-2025:16160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16160

reference_url	https://access.redhat.com/errata/RHSA-2025:16165
reference_id	RHSA-2025:16165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16165

reference_url	https://access.redhat.com/errata/RHSA-2025:21704
reference_id	RHSA-2025:21704
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21704

reference_url	https://access.redhat.com/errata/RHSA-2025:23078
reference_id	RHSA-2025:23078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23078

reference_url	https://access.redhat.com/errata/RHSA-2025:23079
reference_id	RHSA-2025:23079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23079

reference_url	https://access.redhat.com/errata/RHSA-2025:23080
reference_id	RHSA-2025:23080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23080

reference_url	https://access.redhat.com/errata/RHSA-2025:23202
reference_id	RHSA-2025:23202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23202

reference_url	https://access.redhat.com/errata/RHSA-2025:23204
reference_id	RHSA-2025:23204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23204

reference_url	https://access.redhat.com/errata/RHSA-2025:23205
reference_id	RHSA-2025:23205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23205

reference_url	https://access.redhat.com/errata/RHSA-2025:23209
reference_id	RHSA-2025:23209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23209

reference_url	https://access.redhat.com/errata/RHSA-2025:23449
reference_id	RHSA-2025:23449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23449

reference_url	https://access.redhat.com/errata/RHSA-2025:3051
reference_id	RHSA-2025:3051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3051

reference_url	https://access.redhat.com/errata/RHSA-2025:3052
reference_id	RHSA-2025:3052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3052

reference_url	https://access.redhat.com/errata/RHSA-2025:3053
reference_id	RHSA-2025:3053
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3053

reference_url	https://access.redhat.com/errata/RHSA-2025:3165
reference_id	RHSA-2025:3165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3165

reference_url	https://access.redhat.com/errata/RHSA-2025:3172
reference_id	RHSA-2025:3172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3172

reference_url	https://access.redhat.com/errata/RHSA-2025:3175
reference_id	RHSA-2025:3175
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3175

reference_url	https://access.redhat.com/errata/RHSA-2025:3184
reference_id	RHSA-2025:3184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3184

reference_url	https://access.redhat.com/errata/RHSA-2025:3185
reference_id	RHSA-2025:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3185

reference_url	https://access.redhat.com/errata/RHSA-2025:3186
reference_id	RHSA-2025:3186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3186

reference_url	https://access.redhat.com/errata/RHSA-2025:3210
reference_id	RHSA-2025:3210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3210

reference_url	https://access.redhat.com/errata/RHSA-2025:3266
reference_id	RHSA-2025:3266
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3266

reference_url	https://access.redhat.com/errata/RHSA-2025:3268
reference_id	RHSA-2025:3268
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3268

reference_url	https://access.redhat.com/errata/RHSA-2025:3336
reference_id	RHSA-2025:3336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3336

reference_url	https://access.redhat.com/errata/RHSA-2025:3437
reference_id	RHSA-2025:3437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3437

reference_url	https://access.redhat.com/errata/RHSA-2025:3438
reference_id	RHSA-2025:3438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3438

reference_url	https://access.redhat.com/errata/RHSA-2025:3439
reference_id	RHSA-2025:3439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3439

reference_url	https://access.redhat.com/errata/RHSA-2025:3498
reference_id	RHSA-2025:3498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3498

reference_url	https://access.redhat.com/errata/RHSA-2025:3685
reference_id	RHSA-2025:3685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3685

reference_url	https://access.redhat.com/errata/RHSA-2025:3763
reference_id	RHSA-2025:3763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3763

reference_url	https://access.redhat.com/errata/RHSA-2025:3813
reference_id	RHSA-2025:3813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3813

reference_url	https://access.redhat.com/errata/RHSA-2025:3814
reference_id	RHSA-2025:3814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3814

reference_url	https://access.redhat.com/errata/RHSA-2025:3820
reference_id	RHSA-2025:3820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3820

reference_url	https://access.redhat.com/errata/RHSA-2025:3833
reference_id	RHSA-2025:3833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3833

reference_url	https://access.redhat.com/errata/RHSA-2025:3863
reference_id	RHSA-2025:3863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3863

reference_url	https://access.redhat.com/errata/RHSA-2025:3932
reference_id	RHSA-2025:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3932

reference_url	https://access.redhat.com/errata/RHSA-2025:3959
reference_id	RHSA-2025:3959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3959

reference_url	https://access.redhat.com/errata/RHSA-2025:4002
reference_id	RHSA-2025:4002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4002

reference_url	https://access.redhat.com/errata/RHSA-2025:4012
reference_id	RHSA-2025:4012
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4012

reference_url	https://access.redhat.com/errata/RHSA-2025:4171
reference_id	RHSA-2025:4171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4171

reference_url	https://access.redhat.com/errata/RHSA-2025:4188
reference_id	RHSA-2025:4188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4188

reference_url	https://access.redhat.com/errata/RHSA-2025:4502
reference_id	RHSA-2025:4502
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4502

reference_url	https://access.redhat.com/errata/RHSA-2025:4666
reference_id	RHSA-2025:4666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4666

reference_url	https://access.redhat.com/errata/RHSA-2025:4731
reference_id	RHSA-2025:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4731

reference_url	https://access.redhat.com/errata/RHSA-2025:7391
reference_id	RHSA-2025:7391
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7391

reference_url	https://access.redhat.com/errata/RHSA-2025:7416
reference_id	RHSA-2025:7416
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7416

reference_url	https://access.redhat.com/errata/RHSA-2025:7462
reference_id	RHSA-2025:7462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7462

reference_url	https://access.redhat.com/errata/RHSA-2025:7484
reference_id	RHSA-2025:7484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7484

reference_url	https://access.redhat.com/errata/RHSA-2025:7698
reference_id	RHSA-2025:7698
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7698

reference_url	https://access.redhat.com/errata/RHSA-2025:7702
reference_id	RHSA-2025:7702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7702

reference_url	https://access.redhat.com/errata/RHSA-2025:8224
reference_id	RHSA-2025:8224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8224

reference_url	https://access.redhat.com/errata/RHSA-2025:8244
reference_id	RHSA-2025:8244
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8244

reference_url	https://access.redhat.com/errata/RHSA-2025:8704
reference_id	RHSA-2025:8704
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8704

reference_url	https://access.redhat.com/errata/RHSA-2025:9136
reference_id	RHSA-2025:9136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9136

reference_url	https://access.redhat.com/errata/RHSA-2025:9562
reference_id	RHSA-2025:9562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9562

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:3718
reference_id	RHSA-2026:3718
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3718

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

url	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
purl	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2

aliases CVE-2025-22869, GHSA-hcg3-q754-cr77

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmts-6kz4-zkh8

url VCID-et4d-ak3r-1bfa

vulnerability_id VCID-et4d-ak3r-1bfa

summary httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30636

reference_id

reference_type

scores

value	0.00189
scoring_system	epss
scoring_elements	0.40769
published_at	2026-04-18T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.4079
published_at	2026-04-09T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40808
published_at	2026-04-11T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40774
published_at	2026-04-12T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40755
published_at	2026-04-13T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40799
published_at	2026-04-16T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40781
published_at	2026-04-02T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40809
published_at	2026-04-04T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40734
published_at	2026-04-07T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40784
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636

reference_url

https://go.dev/cl/408694

reference_id

408694

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/

url

https://go.dev/cl/408694

reference_url

https://go.dev/issue/53082

reference_id

53082

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/

url

https://go.dev/issue/53082

reference_url

https://pkg.go.dev/vuln/GO-2024-2961

reference_id

GO-2024-2961

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/

url

https://pkg.go.dev/vuln/GO-2024-2961

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.4.0-1

purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1

aliases CVE-2022-30636

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et4d-ak3r-1bfa

url VCID-hu5a-ewvg-6ya7

vulnerability_id VCID-hu5a-ewvg-6ya7

summary

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47914

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.0127
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05618
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05659
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05652
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05689
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05716
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05695
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05688
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05682
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05637
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/721960

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://go.dev/cl/721960

reference_url

https://go.dev/issue/76364

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://go.dev/issue/76364

reference_url

https://go.googlesource.com/crypto

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto

reference_url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47914

reference_url

https://pkg.go.dev/vuln/GO-2025-4135

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/

url

https://pkg.go.dev/vuln/GO-2025-4135

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091
reference_id	1121091
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416000
reference_id	2416000
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416000

reference_url	https://access.redhat.com/errata/RHSA-2026:6503
reference_id	RHSA-2026:6503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6503

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

url	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
purl	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2

aliases CVE-2025-47914, GHSA-f6x5-jh6r-wrfv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu5a-ewvg-6ya7

url VCID-jwxs-gteb-kfg5

vulnerability_id VCID-jwxs-gteb-kfg5

summary

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58181

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11149
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25009
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25205
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25018
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25063
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25103
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25163
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25089
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25044
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24975
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58181

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/721961

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://go.dev/cl/721961

reference_url

https://go.dev/issue/76363

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://go.dev/issue/76363

reference_url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58181

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58181

reference_url

https://pkg.go.dev/vuln/GO-2025-4134

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/

url

https://pkg.go.dev/vuln/GO-2025-4134

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092
reference_id	1121092
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2415997
reference_id	2415997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2415997

reference_url	https://access.redhat.com/errata/RHSA-2026:6503
reference_id	RHSA-2026:6503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6503

reference_url	https://usn.ubuntu.com/7956-1/
reference_id	USN-7956-1
reference_type
scores
url	https://usn.ubuntu.com/7956-1/

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

url	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
purl	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2

aliases CVE-2025-58181, GHSA-j5w8-q4qc-rx2x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwxs-gteb-kfg5

url VCID-jzn6-bzzf-nugp

vulnerability_id VCID-jzn6-bzzf-nugp

summary

Improper Validation of Integrity Check Value
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

references

reference_url

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-48795

reference_id

reference_type

scores

value	0.5673
scoring_system	epss
scoring_elements	0.98128
published_at	2026-04-12T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98136
published_at	2026-04-18T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98134
published_at	2026-04-16T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98129
published_at	2026-04-13T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98114
published_at	2026-04-02T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98118
published_at	2026-04-04T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98119
published_at	2026-04-07T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98123
published_at	2026-04-08T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98124
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-48795

reference_url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack

reference_url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

reference_url

https://bugs.gentoo.org/920280

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugs.gentoo.org/920280

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2254210

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2254210

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1217950

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugzilla.suse.com/show_bug.cgi?id=1217950

reference_url

https://crates.io/crates/thrussh/versions

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://crates.io/crates/thrussh/versions

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918

reference_url

http://seclists.org/fulldisclosure/2024/Mar/21

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://seclists.org/fulldisclosure/2024/Mar/21

reference_url

https://filezilla-project.org/versions.php

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://filezilla-project.org/versions.php

reference_url

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/mina-sshd/issues/445

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/apache/mina-sshd/issues/445

reference_url

https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

reference_url

https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22

reference_url

https://github.com/cyd01/KiTTY/issues/520

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/cyd01/KiTTY/issues/520

reference_url

https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

reference_url

https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

reference_url

https://github.com/erlang/otp/releases/tag/OTP-26.2.1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/erlang/otp/releases/tag/OTP-26.2.1

reference_url

https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

reference_url

https://github.com/hierynomus/sshj/issues/916

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/hierynomus/sshj/issues/916

reference_url

https://github.com/janmojzis/tinyssh/issues/81

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/janmojzis/tinyssh/issues/81

reference_url

https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

reference_url

https://github.com/libssh2/libssh2/pull/1291

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/libssh2/libssh2/pull/1291

reference_url

https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

reference_url

https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

reference_url

https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

reference_url

https://github.com/mwiede/jsch/issues/457

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/issues/457

reference_url

https://github.com/mwiede/jsch/pull/461

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/pull/461

reference_url

https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

reference_url

https://github.com/NixOS/nixpkgs/pull/275249

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/NixOS/nixpkgs/pull/275249

reference_url

https://github.com/openssh/openssh-portable/commits/master

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/openssh/openssh-portable/commits/master

reference_url

https://github.com/paramiko/paramiko/issues/2337

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/paramiko/paramiko/issues/2337

reference_url

https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773

reference_url

https://github.com/PowerShell/Win32-OpenSSH/issues/2189

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/PowerShell/Win32-OpenSSH/issues/2189

reference_url

https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

reference_url

https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/issues/456

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/issues/456

reference_url

https://github.com/rapier1/hpn-ssh/releases

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/rapier1/hpn-ssh/releases

reference_url

https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

reference_url

https://github.com/ronf/asyncssh/tags

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ronf/asyncssh/tags

reference_url

https://github.com/ssh-mitm/ssh-mitm/issues/165

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ssh-mitm/ssh-mitm/issues/165

reference_url

https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

reference_url

https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

reference_url

https://github.com/warp-tech/russh

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh

reference_url

https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951

reference_url

https://github.com/warp-tech/russh/releases/tag/v0.40.2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/warp-tech/russh/releases/tag/v0.40.2

reference_url

https://gitlab.com/libssh/libssh-mirror/-/tags

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://gitlab.com/libssh/libssh-mirror/-/tags

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

reference_url

https://go.dev/cl/550715

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/550715

reference_url

https://go.dev/issue/64784

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issue/64784

reference_url

https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

reference_url

https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg

reference_url

https://help.panic.com/releasenotes/transmit5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://help.panic.com/releasenotes/transmit5

reference_url

https://help.panic.com/releasenotes/transmit5/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://help.panic.com/releasenotes/transmit5/

reference_url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795

reference_url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

reference_url

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

reference_url

https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

100

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

101

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

102

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

103

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

104

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

105

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

106

reference_url

https://matt.ucc.asn.au/dropbear/CHANGES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://matt.ucc.asn.au/dropbear/CHANGES

107

reference_url

https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

108

reference_url

https://news.ycombinator.com/item?id=38684904

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38684904

109

reference_url

https://news.ycombinator.com/item?id=38685286

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38685286

110

reference_url

https://news.ycombinator.com/item?id=38732005

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38732005

111

reference_url

https://nova.app/releases/#v11.8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://nova.app/releases/#v11.8

112

reference_url

https://oryx-embedded.com/download/#changelog

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://oryx-embedded.com/download/#changelog

113

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

114

reference_url

https://roumenpetrov.info/secsh/#news20231220

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://roumenpetrov.info/secsh/#news20231220

115

reference_url

https://security.gentoo.org/glsa/202312-16

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.gentoo.org/glsa/202312-16

116

reference_url

https://security.gentoo.org/glsa/202312-17

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.gentoo.org/glsa/202312-17

117

reference_url

https://security.netapp.com/advisory/ntap-20240105-0004

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240105-0004

118

reference_url

https://security-tracker.debian.org/tracker/source-package/libssh2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/libssh2

119

reference_url

https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

120

reference_url

https://security-tracker.debian.org/tracker/source-package/trilead-ssh2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/trilead-ssh2

121

reference_url

https://support.apple.com/kb/HT214084

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://support.apple.com/kb/HT214084

122

reference_url

https://twitter.com/TrueSkrillor/status/1736774389725565005

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://twitter.com/TrueSkrillor/status/1736774389725565005

123

reference_url

https://winscp.net/eng/docs/history#6.2.2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://winscp.net/eng/docs/history#6.2.2

124

reference_url

https://www.bitvise.com/ssh-client-version-history#933

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.bitvise.com/ssh-client-version-history#933

125

reference_url

https://www.bitvise.com/ssh-server-version-history

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.bitvise.com/ssh-server-version-history

126

reference_url

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

127

reference_url

https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

128

reference_url

https://www.debian.org/security/2023/dsa-5586

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.debian.org/security/2023/dsa-5586

129

reference_url

https://www.debian.org/security/2023/dsa-5588

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.debian.org/security/2023/dsa-5588

130

reference_url

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

131

reference_url

https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

132

reference_url

https://www.netsarang.com/en/xshell-update-history

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.netsarang.com/en/xshell-update-history

133

reference_url

https://www.netsarang.com/en/xshell-update-history/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.netsarang.com/en/xshell-update-history/

134

reference_url

https://www.openssh.com/openbsd.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openssh.com/openbsd.html

135

reference_url

https://www.openssh.com/txt/release-9.6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openssh.com/txt/release-9.6

136

reference_url

https://www.openwall.com/lists/oss-security/2023/12/18/2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openwall.com/lists/oss-security/2023/12/18/2

137

reference_url

https://www.openwall.com/lists/oss-security/2023/12/20/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openwall.com/lists/oss-security/2023/12/20/3

138

reference_url

https://www.paramiko.org/changelog.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.paramiko.org/changelog.html

139

reference_url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed

140

reference_url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

141

reference_url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795

142

reference_url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

143

reference_url

https://www.terrapin-attack.com

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.terrapin-attack.com

144

reference_url

https://www.theregister.com/2023/12/20/terrapin_attack_ssh

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.theregister.com/2023/12/20/terrapin_attack_ssh

145

reference_url

https://www.vandyke.com/products/securecrt/history.txt

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.vandyke.com/products/securecrt/history.txt

146

reference_url

http://www.openwall.com/lists/oss-security/2023/12/18/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/18/3

147

reference_url

http://www.openwall.com/lists/oss-security/2023/12/19/5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/19/5

148

reference_url

http://www.openwall.com/lists/oss-security/2023/12/20/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/20/3

149

reference_url

http://www.openwall.com/lists/oss-security/2024/03/06/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2024/03/06/3

150

reference_url

http://www.openwall.com/lists/oss-security/2024/04/17/8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2024/04/17/8

151

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
reference_id	1059001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001

152

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
reference_id	1059002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002

153

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
reference_id	1059003
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003

154

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
reference_id	1059004
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004

155

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
reference_id	1059005
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005

156

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
reference_id	1059006
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006

157

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
reference_id	1059007
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007

158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
reference_id	1059058
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058

159

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
reference_id	1059144
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144

160

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
reference_id	1059290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290

161

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
reference_id	1059294
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294

162

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

reference_id

33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

163

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

reference_id

3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

164

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

reference_id

3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

165

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

reference_id

6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

166

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

reference_id

BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

167

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

reference_id

C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

168

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

reference_id

CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

169

reference_url

https://access.redhat.com/security/cve/cve-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://access.redhat.com/security/cve/cve-2023-48795

170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-48795

171

reference_url

https://security-tracker.debian.org/tracker/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/CVE-2023-48795

172

reference_url

https://ubuntu.com/security/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://ubuntu.com/security/CVE-2023-48795

173

reference_url

https://thorntech.com/cve-2023-48795-and-sftp-gateway

reference_id

CVE-2023-48795-AND-SFTP-GATEWAY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://thorntech.com/cve-2023-48795-and-sftp-gateway

174

reference_url

https://thorntech.com/cve-2023-48795-and-sftp-gateway/

reference_id

CVE-2023-48795-AND-SFTP-GATEWAY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://thorntech.com/cve-2023-48795-and-sftp-gateway/

175

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit

reference_id

CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit

176

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

reference_id

CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

177

reference_url

https://github.com/advisories/GHSA-45x7-px36-x8w8

reference_id

GHSA-45x7-px36-x8w8

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/advisories/GHSA-45x7-px36-x8w8

178

reference_url

https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8

reference_id

GHSA-45x7-px36-x8w8

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8

179

reference_url	https://security.gentoo.org/glsa/202407-11
reference_id	GLSA-202407-11
reference_type
scores
url	https://security.gentoo.org/glsa/202407-11

180

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

181

reference_url	https://security.gentoo.org/glsa/202509-06
reference_id	GLSA-202509-06
reference_type
scores
url	https://security.gentoo.org/glsa/202509-06

182

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

reference_id

HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

183

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

reference_id

I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

184

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

reference_id

KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

185

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

reference_id

L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

186

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

reference_id

LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

187

reference_url

https://security.netapp.com/advisory/ntap-20240105-0004/

reference_id

ntap-20240105-0004

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.netapp.com/advisory/ntap-20240105-0004/

188

reference_url	https://access.redhat.com/errata/RHSA-2023:7197
reference_id	RHSA-2023:7197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7197

189

reference_url	https://access.redhat.com/errata/RHSA-2023:7198
reference_id	RHSA-2023:7198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7198

190

reference_url	https://access.redhat.com/errata/RHSA-2023:7201
reference_id	RHSA-2023:7201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7201

191

reference_url	https://access.redhat.com/errata/RHSA-2024:0040
reference_id	RHSA-2024:0040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0040

192

reference_url	https://access.redhat.com/errata/RHSA-2024:0429
reference_id	RHSA-2024:0429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0429

193

reference_url	https://access.redhat.com/errata/RHSA-2024:0455
reference_id	RHSA-2024:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0455

194

reference_url	https://access.redhat.com/errata/RHSA-2024:0499
reference_id	RHSA-2024:0499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0499

195

reference_url	https://access.redhat.com/errata/RHSA-2024:0538
reference_id	RHSA-2024:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0538

196

reference_url	https://access.redhat.com/errata/RHSA-2024:0594
reference_id	RHSA-2024:0594
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0594

197

reference_url	https://access.redhat.com/errata/RHSA-2024:0606
reference_id	RHSA-2024:0606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0606

198

reference_url	https://access.redhat.com/errata/RHSA-2024:0625
reference_id	RHSA-2024:0625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0625

199

reference_url	https://access.redhat.com/errata/RHSA-2024:0628
reference_id	RHSA-2024:0628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0628

200

reference_url	https://access.redhat.com/errata/RHSA-2024:0766
reference_id	RHSA-2024:0766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0766

201

reference_url	https://access.redhat.com/errata/RHSA-2024:0789
reference_id	RHSA-2024:0789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0789

202

reference_url	https://access.redhat.com/errata/RHSA-2024:0843
reference_id	RHSA-2024:0843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0843

203

reference_url	https://access.redhat.com/errata/RHSA-2024:0880
reference_id	RHSA-2024:0880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0880

204

reference_url	https://access.redhat.com/errata/RHSA-2024:0954
reference_id	RHSA-2024:0954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0954

205

reference_url	https://access.redhat.com/errata/RHSA-2024:1130
reference_id	RHSA-2024:1130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1130

206

reference_url	https://access.redhat.com/errata/RHSA-2024:1150
reference_id	RHSA-2024:1150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1150

207

reference_url	https://access.redhat.com/errata/RHSA-2024:1192
reference_id	RHSA-2024:1192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1192

208

reference_url	https://access.redhat.com/errata/RHSA-2024:1193
reference_id	RHSA-2024:1193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1193

209

reference_url	https://access.redhat.com/errata/RHSA-2024:1196
reference_id	RHSA-2024:1196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1196

210

reference_url	https://access.redhat.com/errata/RHSA-2024:1197
reference_id	RHSA-2024:1197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1197

211

reference_url	https://access.redhat.com/errata/RHSA-2024:1210
reference_id	RHSA-2024:1210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1210

212

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

213

reference_url	https://access.redhat.com/errata/RHSA-2024:1557
reference_id	RHSA-2024:1557
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1557

214

reference_url	https://access.redhat.com/errata/RHSA-2024:1859
reference_id	RHSA-2024:1859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1859

215

reference_url	https://access.redhat.com/errata/RHSA-2024:2728
reference_id	RHSA-2024:2728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2728

216

reference_url	https://access.redhat.com/errata/RHSA-2024:2735
reference_id	RHSA-2024:2735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2735

217

reference_url	https://access.redhat.com/errata/RHSA-2024:2768
reference_id	RHSA-2024:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2768

218

reference_url	https://access.redhat.com/errata/RHSA-2024:2988
reference_id	RHSA-2024:2988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2988

219

reference_url	https://access.redhat.com/errata/RHSA-2024:3479
reference_id	RHSA-2024:3479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3479

220

reference_url	https://access.redhat.com/errata/RHSA-2024:3634
reference_id	RHSA-2024:3634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3634

221

reference_url	https://access.redhat.com/errata/RHSA-2024:3635
reference_id	RHSA-2024:3635
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3635

222

reference_url	https://access.redhat.com/errata/RHSA-2024:3636
reference_id	RHSA-2024:3636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3636

223

reference_url	https://access.redhat.com/errata/RHSA-2024:3918
reference_id	RHSA-2024:3918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3918

224

reference_url	https://access.redhat.com/errata/RHSA-2024:4010
reference_id	RHSA-2024:4010
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4010

225

reference_url	https://access.redhat.com/errata/RHSA-2024:4151
reference_id	RHSA-2024:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4151

226

reference_url	https://access.redhat.com/errata/RHSA-2024:4329
reference_id	RHSA-2024:4329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4329

227

reference_url	https://access.redhat.com/errata/RHSA-2024:4479
reference_id	RHSA-2024:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4479

228

reference_url	https://access.redhat.com/errata/RHSA-2024:4484
reference_id	RHSA-2024:4484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4484

229

reference_url	https://access.redhat.com/errata/RHSA-2024:4597
reference_id	RHSA-2024:4597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4597

230

reference_url	https://access.redhat.com/errata/RHSA-2024:4662
reference_id	RHSA-2024:4662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4662

231

reference_url	https://access.redhat.com/errata/RHSA-2024:4955
reference_id	RHSA-2024:4955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4955

232

reference_url	https://access.redhat.com/errata/RHSA-2024:4959
reference_id	RHSA-2024:4959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4959

233

reference_url	https://access.redhat.com/errata/RHSA-2024:5200
reference_id	RHSA-2024:5200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5200

234

reference_url	https://access.redhat.com/errata/RHSA-2024:5432
reference_id	RHSA-2024:5432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5432

235

reference_url	https://access.redhat.com/errata/RHSA-2024:5433
reference_id	RHSA-2024:5433
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5433

236

reference_url	https://access.redhat.com/errata/RHSA-2024:5438
reference_id	RHSA-2024:5438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5438

237

reference_url	https://access.redhat.com/errata/RHSA-2024:8235
reference_id	RHSA-2024:8235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8235

238

reference_url	https://access.redhat.com/errata/RHSA-2025:4664
reference_id	RHSA-2025:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4664

239

reference_url	https://usn.ubuntu.com/6560-1/
reference_id	USN-6560-1
reference_type
scores
url	https://usn.ubuntu.com/6560-1/

240

reference_url	https://usn.ubuntu.com/6560-2/
reference_id	USN-6560-2
reference_type
scores
url	https://usn.ubuntu.com/6560-2/

241

reference_url	https://usn.ubuntu.com/6561-1/
reference_id	USN-6561-1
reference_type
scores
url	https://usn.ubuntu.com/6561-1/

242

reference_url	https://usn.ubuntu.com/6585-1/
reference_id	USN-6585-1
reference_type
scores
url	https://usn.ubuntu.com/6585-1/

243

reference_url	https://usn.ubuntu.com/6589-1/
reference_id	USN-6589-1
reference_type
scores
url	https://usn.ubuntu.com/6589-1/

244

reference_url	https://usn.ubuntu.com/6598-1/
reference_id	USN-6598-1
reference_type
scores
url	https://usn.ubuntu.com/6598-1/

245

reference_url	https://usn.ubuntu.com/6738-1/
reference_id	USN-6738-1
reference_type
scores
url	https://usn.ubuntu.com/6738-1/

246

reference_url	https://usn.ubuntu.com/7051-1/
reference_id	USN-7051-1
reference_type
scores
url	https://usn.ubuntu.com/7051-1/

247

reference_url	https://usn.ubuntu.com/7292-1/
reference_id	USN-7292-1
reference_type
scores
url	https://usn.ubuntu.com/7292-1/

248

reference_url	https://usn.ubuntu.com/7297-1/
reference_id	USN-7297-1
reference_type
scores
url	https://usn.ubuntu.com/7297-1/

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

aliases CVE-2023-48795, GHSA-45x7-px36-x8w8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp

url VCID-mn45-w3s3-syej

vulnerability_id VCID-mn45-w3s3-syej

summary

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45337

reference_id

reference_type

scores

value	0.30296
scoring_system	epss
scoring_elements	0.96696
published_at	2026-04-18T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.9666
published_at	2026-04-02T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96692
published_at	2026-04-16T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96685
published_at	2026-04-13T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96682
published_at	2026-04-12T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96679
published_at	2026-04-09T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96678
published_at	2026-04-08T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.9667
published_at	2026-04-07T12:55:00Z

value	0.30296
scoring_system	epss
scoring_elements	0.96666
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45337

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/golang/crypto

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto

reference_url

https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/

url

https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909

reference_url

https://go.dev/cl/635315

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/

url

https://go.dev/cl/635315

reference_url

https://go.dev/issue/70779

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/

url

https://go.dev/issue/70779

reference_url

https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/

url

https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45337

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45337

reference_url

https://pkg.go.dev/vuln/GO-2024-3321

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/

url

https://pkg.go.dev/vuln/GO-2024-3321

reference_url

https://security.netapp.com/advisory/ntap-20250131-0007

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250131-0007

reference_url

http://www.openwall.com/lists/oss-security/2024/12/11/2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/12/11/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754
reference_id	1089754
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331720
reference_id	2331720
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331720

reference_url	https://access.redhat.com/errata/RHSA-2024:11037
reference_id	RHSA-2024:11037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11037

reference_url	https://access.redhat.com/errata/RHSA-2024:11038
reference_id	RHSA-2024:11038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11038

reference_url	https://access.redhat.com/errata/RHSA-2024:6121
reference_id	RHSA-2024:6121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6121

reference_url	https://access.redhat.com/errata/RHSA-2025:0370
reference_id	RHSA-2025:0370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0370

reference_url	https://access.redhat.com/errata/RHSA-2025:0385
reference_id	RHSA-2025:0385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0385

reference_url	https://access.redhat.com/errata/RHSA-2025:0386
reference_id	RHSA-2025:0386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0386

reference_url	https://access.redhat.com/errata/RHSA-2025:0390
reference_id	RHSA-2025:0390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0390

reference_url	https://access.redhat.com/errata/RHSA-2025:0444
reference_id	RHSA-2025:0444
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0444

reference_url	https://access.redhat.com/errata/RHSA-2025:0445
reference_id	RHSA-2025:0445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0445

reference_url	https://access.redhat.com/errata/RHSA-2025:0485
reference_id	RHSA-2025:0485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0485

reference_url	https://access.redhat.com/errata/RHSA-2025:0522
reference_id	RHSA-2025:0522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0522

reference_url	https://access.redhat.com/errata/RHSA-2025:0535
reference_id	RHSA-2025:0535
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0535

reference_url	https://access.redhat.com/errata/RHSA-2025:0536
reference_id	RHSA-2025:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0536

reference_url	https://access.redhat.com/errata/RHSA-2025:0552
reference_id	RHSA-2025:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0552

reference_url	https://access.redhat.com/errata/RHSA-2025:0560
reference_id	RHSA-2025:0560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0560

reference_url	https://access.redhat.com/errata/RHSA-2025:0576
reference_id	RHSA-2025:0576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0576

reference_url	https://access.redhat.com/errata/RHSA-2025:0577
reference_id	RHSA-2025:0577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0577

reference_url	https://access.redhat.com/errata/RHSA-2025:0645
reference_id	RHSA-2025:0645
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0645

reference_url	https://access.redhat.com/errata/RHSA-2025:0649
reference_id	RHSA-2025:0649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0649

reference_url	https://access.redhat.com/errata/RHSA-2025:0653
reference_id	RHSA-2025:0653
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0653

reference_url	https://access.redhat.com/errata/RHSA-2025:0676
reference_id	RHSA-2025:0676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0676

reference_url	https://access.redhat.com/errata/RHSA-2025:0679
reference_id	RHSA-2025:0679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0679

reference_url	https://access.redhat.com/errata/RHSA-2025:0723
reference_id	RHSA-2025:0723
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0723

reference_url	https://access.redhat.com/errata/RHSA-2025:0778
reference_id	RHSA-2025:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0778

reference_url	https://access.redhat.com/errata/RHSA-2025:0785
reference_id	RHSA-2025:0785
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0785

reference_url	https://access.redhat.com/errata/RHSA-2025:0839
reference_id	RHSA-2025:0839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0839

reference_url	https://access.redhat.com/errata/RHSA-2025:0851
reference_id	RHSA-2025:0851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0851

reference_url	https://access.redhat.com/errata/RHSA-2025:0892
reference_id	RHSA-2025:0892
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0892

reference_url	https://access.redhat.com/errata/RHSA-2025:10771
reference_id	RHSA-2025:10771
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10771

reference_url	https://access.redhat.com/errata/RHSA-2025:11396
reference_id	RHSA-2025:11396
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11396

reference_url	https://access.redhat.com/errata/RHSA-2025:1285
reference_id	RHSA-2025:1285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1285

reference_url	https://access.redhat.com/errata/RHSA-2025:1287
reference_id	RHSA-2025:1287
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1287

reference_url	https://access.redhat.com/errata/RHSA-2025:1289
reference_id	RHSA-2025:1289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1289

reference_url	https://access.redhat.com/errata/RHSA-2025:1322
reference_id	RHSA-2025:1322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1322

reference_url	https://access.redhat.com/errata/RHSA-2025:1324
reference_id	RHSA-2025:1324
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1324

reference_url	https://access.redhat.com/errata/RHSA-2025:1325
reference_id	RHSA-2025:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1325

reference_url	https://access.redhat.com/errata/RHSA-2025:1326
reference_id	RHSA-2025:1326
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1326

reference_url	https://access.redhat.com/errata/RHSA-2025:1327
reference_id	RHSA-2025:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1327

reference_url	https://access.redhat.com/errata/RHSA-2025:1331
reference_id	RHSA-2025:1331
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1331

reference_url	https://access.redhat.com/errata/RHSA-2025:1332
reference_id	RHSA-2025:1332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1332

reference_url	https://access.redhat.com/errata/RHSA-2025:1333
reference_id	RHSA-2025:1333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1333

reference_url	https://access.redhat.com/errata/RHSA-2025:1448
reference_id	RHSA-2025:1448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1448

reference_url	https://access.redhat.com/errata/RHSA-2025:1451
reference_id	RHSA-2025:1451
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1451

reference_url	https://access.redhat.com/errata/RHSA-2025:15680
reference_id	RHSA-2025:15680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15680

reference_url	https://access.redhat.com/errata/RHSA-2025:16160
reference_id	RHSA-2025:16160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16160

reference_url	https://access.redhat.com/errata/RHSA-2025:16165
reference_id	RHSA-2025:16165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16165

reference_url	https://access.redhat.com/errata/RHSA-2025:1710
reference_id	RHSA-2025:1710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1710

reference_url	https://access.redhat.com/errata/RHSA-2025:17232
reference_id	RHSA-2025:17232
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17232

reference_url	https://access.redhat.com/errata/RHSA-2025:17657
reference_id	RHSA-2025:17657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17657

reference_url	https://access.redhat.com/errata/RHSA-2025:17690
reference_id	RHSA-2025:17690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17690

reference_url	https://access.redhat.com/errata/RHSA-2025:1824
reference_id	RHSA-2025:1824
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1824

reference_url	https://access.redhat.com/errata/RHSA-2025:1829
reference_id	RHSA-2025:1829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1829

reference_url	https://access.redhat.com/errata/RHSA-2025:1841
reference_id	RHSA-2025:1841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1841

reference_url	https://access.redhat.com/errata/RHSA-2025:1845
reference_id	RHSA-2025:1845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1845

reference_url	https://access.redhat.com/errata/RHSA-2025:1847
reference_id	RHSA-2025:1847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1847

reference_url	https://access.redhat.com/errata/RHSA-2025:1848
reference_id	RHSA-2025:1848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1848

reference_url	https://access.redhat.com/errata/RHSA-2025:1849
reference_id	RHSA-2025:1849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1849

reference_url	https://access.redhat.com/errata/RHSA-2025:19306
reference_id	RHSA-2025:19306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19306

reference_url	https://access.redhat.com/errata/RHSA-2025:22182
reference_id	RHSA-2025:22182
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22182

reference_url	https://access.redhat.com/errata/RHSA-2025:22287
reference_id	RHSA-2025:22287
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22287

reference_url	https://access.redhat.com/errata/RHSA-2025:23061
reference_id	RHSA-2025:23061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23061

reference_url	https://access.redhat.com/errata/RHSA-2025:23064
reference_id	RHSA-2025:23064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23064

reference_url	https://access.redhat.com/errata/RHSA-2025:2588
reference_id	RHSA-2025:2588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2588

reference_url	https://access.redhat.com/errata/RHSA-2025:2652
reference_id	RHSA-2025:2652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2652

reference_url	https://access.redhat.com/errata/RHSA-2025:2903
reference_id	RHSA-2025:2903
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2903

reference_url	https://access.redhat.com/errata/RHSA-2025:2933
reference_id	RHSA-2025:2933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2933

reference_url	https://access.redhat.com/errata/RHSA-2025:3069
reference_id	RHSA-2025:3069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3069

reference_url	https://access.redhat.com/errata/RHSA-2025:3542
reference_id	RHSA-2025:3542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3542

reference_url	https://access.redhat.com/errata/RHSA-2025:3560
reference_id	RHSA-2025:3560
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3560

reference_url	https://access.redhat.com/errata/RHSA-2025:3820
reference_id	RHSA-2025:3820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3820

reference_url	https://access.redhat.com/errata/RHSA-2025:8244
reference_id	RHSA-2025:8244
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8244

reference_url	https://access.redhat.com/errata/RHSA-2026:1730
reference_id	RHSA-2026:1730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1730

reference_url	https://access.redhat.com/errata/RHSA-2026:2681
reference_id	RHSA-2026:2681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2681

reference_url	https://access.redhat.com/errata/RHSA-2026:2754
reference_id	RHSA-2026:2754
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2754

reference_url	https://access.redhat.com/errata/RHSA-2026:2762
reference_id	RHSA-2026:2762
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2762

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://usn.ubuntu.com/7839-1/
reference_id	USN-7839-1
reference_type
scores
url	https://usn.ubuntu.com/7839-1/

reference_url	https://usn.ubuntu.com/7839-2/
reference_id	USN-7839-2
reference_type
scores
url	https://usn.ubuntu.com/7839-2/

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

url	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
purl	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2

aliases CVE-2024-45337, GHSA-v778-237x-gjrc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn45-w3s3-syej

url VCID-n34c-71wq-s3e4

vulnerability_id VCID-n34c-71wq-s3e4

summary

x/crypto/ssh vulnerable to panic via malformed packets
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43565

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03153
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03161
published_at	2026-04-01T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03218
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03227
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03233
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0324
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03261
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03191
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0317
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03142
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://go.dev/cl/368814

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/368814

reference_url

https://go.dev/issues/49932

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issues/49932

reference_url

https://groups.google.com/forum/#!forum/golang-announce

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/golang-announce

reference_url

https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43565

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43565

reference_url

https://pkg.go.dev/vuln/GO-2022-0968

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-0968

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2030787
reference_id	2030787
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2030787

reference_url	https://access.redhat.com/errata/RHSA-2022:1276
reference_id	RHSA-2022:1276
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1276

reference_url	https://access.redhat.com/errata/RHSA-2022:1361
reference_id	RHSA-2022:1361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1361

reference_url	https://access.redhat.com/errata/RHSA-2022:1372
reference_id	RHSA-2022:1372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1372

reference_url	https://access.redhat.com/errata/RHSA-2022:5068
reference_id	RHSA-2022:5068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5068

reference_url	https://access.redhat.com/errata/RHSA-2022:5069
reference_id	RHSA-2022:5069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5069

reference_url	https://access.redhat.com/errata/RHSA-2022:5188
reference_id	RHSA-2022:5188
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5188

reference_url	https://access.redhat.com/errata/RHSA-2022:5673
reference_id	RHSA-2022:5673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5673

reference_url	https://access.redhat.com/errata/RHSA-2022:8938
reference_id	RHSA-2022:8938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8938

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.4.0-1

purl pkg:deb/debian/golang-go.crypto@1:0.4.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1

aliases CVE-2021-43565, GHSA-gwc9-m7rh-j2ww

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n34c-71wq-s3e4

url VCID-sty6-gwh1-hbcy

vulnerability_id VCID-sty6-gwh1-hbcy

summary golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47913

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02031
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02274
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02044
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02039
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02017
published_at	2026-04-16T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11781
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11824
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11611
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11696
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11751
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2414943
reference_id	2414943
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2414943

reference_url

https://go.dev/cl/700295

reference_id

700295

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/

url

https://go.dev/cl/700295

reference_url

https://go.dev/issue/75178

reference_id

75178

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/

url

https://go.dev/issue/75178

reference_url

https://github.com/advisories/GHSA-56w8-48fp-6mgv

reference_id

GHSA-56w8-48fp-6mgv

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/

url

https://github.com/advisories/GHSA-56w8-48fp-6mgv

reference_url

https://pkg.go.dev/vuln/GO-2025-4116

reference_id

GO-2025-4116

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/

url

https://pkg.go.dev/vuln/GO-2025-4116

reference_url	https://access.redhat.com/errata/RHSA-2025:22743
reference_id	RHSA-2025:22743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22743

reference_url	https://access.redhat.com/errata/RHSA-2025:22955
reference_id	RHSA-2025:22955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22955

reference_url	https://access.redhat.com/errata/RHSA-2025:23028
reference_id	RHSA-2025:23028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23028

reference_url	https://access.redhat.com/errata/RHSA-2025:23059
reference_id	RHSA-2025:23059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23059

reference_url	https://access.redhat.com/errata/RHSA-2025:23060
reference_id	RHSA-2025:23060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23060

reference_url	https://access.redhat.com/errata/RHSA-2025:23061
reference_id	RHSA-2025:23061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23061

reference_url	https://access.redhat.com/errata/RHSA-2025:23064
reference_id	RHSA-2025:23064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23064

reference_url	https://access.redhat.com/errata/RHSA-2025:23176
reference_id	RHSA-2025:23176
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23176

reference_url	https://access.redhat.com/errata/RHSA-2025:23531
reference_id	RHSA-2025:23531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23531

reference_url	https://access.redhat.com/errata/RHSA-2025:23546
reference_id	RHSA-2025:23546
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23546

reference_url	https://access.redhat.com/errata/RHSA-2026:0436
reference_id	RHSA-2026:0436
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0436

reference_url	https://access.redhat.com/errata/RHSA-2026:0437
reference_id	RHSA-2026:0437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0437

reference_url	https://access.redhat.com/errata/RHSA-2026:0470
reference_id	RHSA-2026:0470
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0470

reference_url	https://access.redhat.com/errata/RHSA-2026:0527
reference_id	RHSA-2026:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0527

reference_url	https://access.redhat.com/errata/RHSA-2026:0545
reference_id	RHSA-2026:0545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0545

reference_url	https://access.redhat.com/errata/RHSA-2026:0753
reference_id	RHSA-2026:0753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0753

reference_url	https://access.redhat.com/errata/RHSA-2026:1018
reference_id	RHSA-2026:1018
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1018

reference_url	https://access.redhat.com/errata/RHSA-2026:1084
reference_id	RHSA-2026:1084
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1084

reference_url	https://access.redhat.com/errata/RHSA-2026:1942
reference_id	RHSA-2026:1942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1942

reference_url	https://access.redhat.com/errata/RHSA-2026:2136
reference_id	RHSA-2026:2136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2136

reference_url	https://access.redhat.com/errata/RHSA-2026:2454
reference_id	RHSA-2026:2454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2454

reference_url	https://access.redhat.com/errata/RHSA-2026:2737
reference_id	RHSA-2026:2737
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2737

reference_url	https://access.redhat.com/errata/RHSA-2026:2922
reference_id	RHSA-2026:2922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2922

reference_url	https://access.redhat.com/errata/RHSA-2026:3122
reference_id	RHSA-2026:3122
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3122

reference_url	https://access.redhat.com/errata/RHSA-2026:3827
reference_id	RHSA-2026:3827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3827

reference_url	https://access.redhat.com/errata/RHSA-2026:4215
reference_id	RHSA-2026:4215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4215

reference_url	https://access.redhat.com/errata/RHSA-2026:4532
reference_id	RHSA-2026:4532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4532

reference_url	https://access.redhat.com/errata/RHSA-2026:4693
reference_id	RHSA-2026:4693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4693

reference_url	https://access.redhat.com/errata/RHSA-2026:5167
reference_id	RHSA-2026:5167
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5167

reference_url	https://access.redhat.com/errata/RHSA-2026:5222
reference_id	RHSA-2026:5222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5222

reference_url	https://access.redhat.com/errata/RHSA-2026:6503
reference_id	RHSA-2026:6503
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6503

reference_url	https://access.redhat.com/errata/RHSA-2026:8325
reference_id	RHSA-2026:8325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8325

fixed_packages

url	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
purl	pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1

url	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
purl	pkg:deb/debian/golang-go.crypto@1:0.43.0-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2

aliases CVE-2025-47913

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sty6-gwh1-hbcy

Fixing_vulnerabilities

url VCID-37zk-9fax-v7e1

vulnerability_id VCID-37zk-9fax-v7e1

summary

Improper Verification of Cryptographic Signature in golang.org/x/crypto
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

references

reference_url

http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9283

reference_id

reference_type

scores

value	0.18682
scoring_system	epss
scoring_elements	0.95277
published_at	2026-04-13T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95275
published_at	2026-04-12T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95274
published_at	2026-04-11T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95269
published_at	2026-04-09T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95266
published_at	2026-04-08T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95259
published_at	2026-04-07T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95254
published_at	2026-04-04T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95251
published_at	2026-04-02T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95239
published_at	2026-04-01T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.95285
published_at	2026-04-16T12:55:00Z

value	0.18682
scoring_system	epss
scoring_elements	0.9529
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283

reference_url

https://github.com/golang/crypto

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto

reference_url

https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236

reference_url

https://go.dev/cl/220357

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/220357

reference_url

https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236

reference_url

https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY

reference_url

https://groups.google.com/g/golang-announce/c/3L45YRc91SY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/3L45YRc91SY

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9283

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9283

reference_url

https://pkg.go.dev/vuln/GO-2020-0012

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2020-0012

reference_url

https://www.exploit-db.com/exploits/48121

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/48121

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1804533
reference_id	1804533
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1804533

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
reference_id	952462
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
reference_id	CVE-2020-9283
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py

reference_url	https://access.redhat.com/errata/RHSA-2020:2412
reference_id	RHSA-2020:2412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2412

reference_url	https://access.redhat.com/errata/RHSA-2020:2413
reference_id	RHSA-2020:2413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2413

reference_url	https://access.redhat.com/errata/RHSA-2020:2789
reference_id	RHSA-2020:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2789

reference_url	https://access.redhat.com/errata/RHSA-2020:2790
reference_id	RHSA-2020:2790
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2790

reference_url	https://access.redhat.com/errata/RHSA-2020:2793
reference_id	RHSA-2020:2793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2793

reference_url	https://access.redhat.com/errata/RHSA-2020:2878
reference_id	RHSA-2020:2878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2878

reference_url	https://access.redhat.com/errata/RHSA-2020:3078
reference_id	RHSA-2020:3078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3078

reference_url	https://access.redhat.com/errata/RHSA-2020:3369
reference_id	RHSA-2020:3369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3369

reference_url	https://access.redhat.com/errata/RHSA-2020:3370
reference_id	RHSA-2020:3370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3370

reference_url	https://access.redhat.com/errata/RHSA-2020:3372
reference_id	RHSA-2020:3372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3372

reference_url	https://access.redhat.com/errata/RHSA-2020:3414
reference_id	RHSA-2020:3414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3414

reference_url	https://access.redhat.com/errata/RHSA-2020:3809
reference_id	RHSA-2020:3809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3809

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2021:1129
reference_id	RHSA-2021:1129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1129

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-et4d-ak3r-1bfa

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-n34c-71wq-s3e4

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

aliases CVE-2020-9283, GHSA-ffhg-7mh4-33c4

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1

url VCID-3tpx-rnju-w3dw

vulnerability_id VCID-3tpx-rnju-w3dw

summary

golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

### Specific Go Packages Affected
golang.org/x/crypto/salsa20/salsa

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11840

reference_id

reference_type

scores

value	0.02086
scoring_system	epss
scoring_elements	0.84037
published_at	2026-04-18T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.84035
published_at	2026-04-16T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.84011
published_at	2026-04-13T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.84015
published_at	2026-04-12T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.83976
published_at	2026-04-07T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.83999
published_at	2026-04-08T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.84006
published_at	2026-04-09T12:55:00Z

value	0.02086
scoring_system	epss
scoring_elements	0.84021
published_at	2026-04-11T12:55:00Z

value	0.02705
scoring_system	epss
scoring_elements	0.85824
published_at	2026-04-01T12:55:00Z

value	0.02705
scoring_system	epss
scoring_elements	0.85853
published_at	2026-04-04T12:55:00Z

value	0.02705
scoring_system	epss
scoring_elements	0.85835
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11840

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1691529

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1691529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840

reference_url

https://github.com/golang/go

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/go

reference_url

https://github.com/golang/go/issues/30965

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/go/issues/30965

reference_url

https://go.dev/cl/168406

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/168406

reference_url

https://go.dev/issue/30965

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issue/30965

reference_url

https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d

reference_url

https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ

reference_url

https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11840

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11840

reference_url

https://pkg.go.dev/vuln/GO-2022-0209

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-0209

reference_url	https://access.redhat.com/errata/RHSA-2021:0079
reference_id	RHSA-2021:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0079

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-et4d-ak3r-1bfa

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-n34c-71wq-s3e4

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

aliases CVE-2019-11840, GHSA-r5c5-pr8j-pfp7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw

url VCID-andp-4snd-rbbt

vulnerability_id VCID-andp-4snd-rbbt

summary

golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the `gssapi-with-mic` method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-29652

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.08618
published_at	2026-04-18T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08629
published_at	2026-04-16T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08779
published_at	2026-04-11T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08742
published_at	2026-04-13T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08757
published_at	2026-04-12T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08674
published_at	2026-04-01T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08702
published_at	2026-04-02T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.0875
published_at	2026-04-04T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08675
published_at	2026-04-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08751
published_at	2026-04-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08777
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-29652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652

reference_url

https://go.dev/cl/278852

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/278852

reference_url

https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8

reference_url

https://go-review.googlesource.com/c/crypto/+/278852

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://go-review.googlesource.com/c/crypto/+/278852

reference_url

https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1

reference_url

https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-29652

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-29652

reference_url

https://pkg.go.dev/vuln/GO-2021-0227

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0227

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1908883
reference_id	1908883
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1908883

reference_url	https://access.redhat.com/errata/RHSA-2020:5633
reference_id	RHSA-2020:5633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5633

reference_url	https://access.redhat.com/errata/RHSA-2021:1796
reference_id	RHSA-2021:1796
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1796

reference_url	https://access.redhat.com/errata/RHSA-2021:2920
reference_id	RHSA-2021:2920
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2920

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-et4d-ak3r-1bfa

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-n34c-71wq-s3e4

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

aliases CVE-2020-29652, GHSA-3vm4-22fp-5rfm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-andp-4snd-rbbt

url VCID-zvd3-3b1h-77ef

vulnerability_id VCID-zvd3-3b1h-77ef

summary

Golang/x/crypto message forgery vulnerability
A message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.

references

reference_url

http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11841

reference_id

reference_type

scores

value	0.00397
scoring_system	epss
scoring_elements	0.60586
published_at	2026-04-16T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60545
published_at	2026-04-13T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60525
published_at	2026-04-04T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60592
published_at	2026-04-18T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60566
published_at	2026-04-12T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.6058
published_at	2026-04-11T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60559
published_at	2026-04-09T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60543
published_at	2026-04-08T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60494
published_at	2026-04-07T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60423
published_at	2026-04-01T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60498
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11841

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841

reference_url

https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442

reference_url

https://github.com/golang/crypto/tree/master/openpgp/clearsign

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/crypto/tree/master/openpgp/clearsign

reference_url

https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442

reference_url

https://go-review.git.corp.google.com/c/crypto/+/173778

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go-review.git.corp.google.com/c/crypto/+/173778

reference_url

https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ

reference_url

https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11841

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11841

reference_url

https://pkg.go.dev/vuln/GO-2023-1992

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2023-1992

reference_url

https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841

fixed_packages

url pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

purl pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-cmts-6kz4-zkh8

vulnerability	VCID-et4d-ak3r-1bfa

vulnerability	VCID-hu5a-ewvg-6ya7

vulnerability	VCID-jwxs-gteb-kfg5

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mn45-w3s3-syej

vulnerability	VCID-n34c-71wq-s3e4

vulnerability	VCID-sty6-gwh1-hbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

aliases CVE-2019-11841, GHSA-x3jr-pf6g-c48f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvd3-3b1h-77ef

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1

Package Instance