{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","type":"deb","namespace":"debian","name":"golang-go.crypto","version":"1:0.47.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:0.50.0-1","latest_non_vulnerable_version":"1:0.50.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53379?format=json","vulnerability_id":"VCID-1n1h-e2p4-9yhs","summary":"golang.org/x/crypto/ssh Denial of service via crafted Signer\nThe golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27191","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25159","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25318","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25099","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25034","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25153","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25246","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25286","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25363","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27191"},{"reference_url":"https://cs.opensource.google/go/x/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cs.opensource.google/go/x/crypto"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27191"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/392355","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/392355"},{"reference_url":"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d"},{"reference_url":"https://groups.google.com/g/golang-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27191","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27191"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0356","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0356"},{"reference_url":"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220429-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220429-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064702","reference_id":"2064702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5068","reference_id":"RHSA-2022:5068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5069","reference_id":"RHSA-2022:5069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6527","reference_id":"RHSA-2022:6527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7401","reference_id":"RHSA-2022:7401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7457","reference_id":"RHSA-2022:7457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7469","reference_id":"RHSA-2022:7469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7954","reference_id":"RHSA-2022:7954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8634","reference_id":"RHSA-2022:8634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8893","reference_id":"RHSA-2022:8893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8932","reference_id":"RHSA-2022:8932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8938","reference_id":"RHSA-2022:8938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9096","reference_id":"RHSA-2022:9096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9107","reference_id":"RHSA-2022:9107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1325","reference_id":"RHSA-2023:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1326","reference_id":"RHSA-2023:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3366","reference_id":"RHSA-2023:3366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3943","reference_id":"RHSA-2023:3943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4488","reference_id":"RHSA-2023:4488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924152?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20220315.3147a52-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20220315.3147a52-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2022-27191","GHSA-8c26-wmh5-6g9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1n1h-e2p4-9yhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47250?format=json","vulnerability_id":"VCID-37zk-9fax-v7e1","summary":"Improper Verification of Cryptographic Signature in golang.org/x/crypto\ngolang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.","references":[{"reference_url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95313","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95322","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95254","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95239","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.9529","published_at":"2026-04-18T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95275","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95266","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95259","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://go.dev/cl/220357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/220357"},{"reference_url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"},{"reference_url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0012","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0012"},{"reference_url":"https://www.exploit-db.com/exploits/48121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/48121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533","reference_id":"1804533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462","reference_id":"952462","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py","reference_id":"CVE-2020-9283","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2412","reference_id":"RHSA-2020:2412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2413","reference_id":"RHSA-2020:2413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2789","reference_id":"RHSA-2020:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2790","reference_id":"RHSA-2020:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2793","reference_id":"RHSA-2020:2793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2878","reference_id":"RHSA-2020:2878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3078","reference_id":"RHSA-2020:3078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3369","reference_id":"RHSA-2020:3369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3370","reference_id":"RHSA-2020:3370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3372","reference_id":"RHSA-2020:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3414","reference_id":"RHSA-2020:3414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3809","reference_id":"RHSA-2020:3809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1129","reference_id":"RHSA-2021:1129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924150?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-9283","GHSA-ffhg-7mh4-33c4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54485?format=json","vulnerability_id":"VCID-3tpx-rnju-w3dw","summary":"golang.org/x/crypto/salsa20/salsa uses insufficiently random values\nAn issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.\n\n### Specific Go Packages Affected\ngolang.org/x/crypto/salsa20/salsa","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11840","reference_id":"","reference_type":"","scores":[{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84133","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84118","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84095","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84073","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84037","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84006","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.83999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.83976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.8407","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84064","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84038","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02086","scoring_system":"epss","scoring_elements":"0.84035","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02705","scoring_system":"epss","scoring_elements":"0.85824","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02705","scoring_system":"epss","scoring_elements":"0.85853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02705","scoring_system":"epss","scoring_elements":"0.85835","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691529","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11840"},{"reference_url":"https://github.com/golang/go","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go"},{"reference_url":"https://github.com/golang/go/issues/30965","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go/issues/30965"},{"reference_url":"https://go.dev/cl/168406","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/168406"},{"reference_url":"https://go.dev/issue/30965","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/30965"},{"reference_url":"https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d"},{"reference_url":"https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ"},{"reference_url":"https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/tjyNcJxb2vQ/m/n0NRBziSCAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00030.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11840","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11840"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0209","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0079","reference_id":"RHSA-2021:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0079"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924150?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11840","GHSA-r5c5-pr8j-pfp7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tpx-rnju-w3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57763?format=json","vulnerability_id":"VCID-andp-4snd-rbbt","summary":"golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability\nA nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. An attacker can craft an authentication request message for the `gssapi-with-mic` method which will cause NewServerConn to panic via a nil pointer dereference if ServerConfig.GSSAPIWithMICConfig is nil.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29652","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08897","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08777","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08779","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08629","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08771","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0874","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0867","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08822","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08674","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08702","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0875","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"},{"reference_url":"https://go.dev/cl/278852","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/278852"},{"reference_url":"https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"},{"reference_url":"https://go-review.googlesource.com/c/crypto/+/278852","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.googlesource.com/c/crypto/+/278852"},{"reference_url":"https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"},{"reference_url":"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29652","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-29652"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0227","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0227"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908883","reference_id":"1908883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5633","reference_id":"RHSA-2020:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1796","reference_id":"RHSA-2021:1796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2920","reference_id":"RHSA-2021:2920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-29652","GHSA-3vm4-22fp-5rfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-andp-4snd-rbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25385?format=json","vulnerability_id":"VCID-cmts-6kz4-zkh8","summary":"golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange\nSSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22869","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00523","scoring_system":"epss","scoring_elements":"0.66945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.68704","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.68635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.68686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69277","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69353","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69319","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69707","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69677","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.6969","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69767","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22"},{"reference_url":"https://go.dev/cl/652135","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://go.dev/cl/652135"},{"reference_url":"https://go.dev/issue/71931","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://go.dev/issue/71931"},{"reference_url":"https://go-review.googlesource.com/c/crypto/+/652135","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.googlesource.com/c/crypto/+/652135"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22869","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22869"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:57:07Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-3487"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250411-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250411-0010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968","reference_id":"1098968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348367","reference_id":"2348367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11037","reference_id":"RHSA-2024:11037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13848","reference_id":"RHSA-2025:13848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14048","reference_id":"RHSA-2025:14048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14060","reference_id":"RHSA-2025:14060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14820","reference_id":"RHSA-2025:14820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14859","reference_id":"RHSA-2025:14859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16160","reference_id":"RHSA-2025:16160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16165","reference_id":"RHSA-2025:16165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21704","reference_id":"RHSA-2025:21704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3051","reference_id":"RHSA-2025:3051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3052","reference_id":"RHSA-2025:3052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3053","reference_id":"RHSA-2025:3053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3165","reference_id":"RHSA-2025:3165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3172","reference_id":"RHSA-2025:3172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3175","reference_id":"RHSA-2025:3175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3184","reference_id":"RHSA-2025:3184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3185","reference_id":"RHSA-2025:3185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3186","reference_id":"RHSA-2025:3186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3210","reference_id":"RHSA-2025:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3266","reference_id":"RHSA-2025:3266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3268","reference_id":"RHSA-2025:3268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3336","reference_id":"RHSA-2025:3336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3437","reference_id":"RHSA-2025:3437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3438","reference_id":"RHSA-2025:3438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3439","reference_id":"RHSA-2025:3439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3498","reference_id":"RHSA-2025:3498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3685","reference_id":"RHSA-2025:3685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3763","reference_id":"RHSA-2025:3763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3813","reference_id":"RHSA-2025:3813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3814","reference_id":"RHSA-2025:3814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3833","reference_id":"RHSA-2025:3833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3863","reference_id":"RHSA-2025:3863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3932","reference_id":"RHSA-2025:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3959","reference_id":"RHSA-2025:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4002","reference_id":"RHSA-2025:4002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4012","reference_id":"RHSA-2025:4012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4171","reference_id":"RHSA-2025:4171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4188","reference_id":"RHSA-2025:4188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4502","reference_id":"RHSA-2025:4502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4731","reference_id":"RHSA-2025:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7391","reference_id":"RHSA-2025:7391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7416","reference_id":"RHSA-2025:7416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7462","reference_id":"RHSA-2025:7462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7484","reference_id":"RHSA-2025:7484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7698","reference_id":"RHSA-2025:7698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8224","reference_id":"RHSA-2025:8224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8704","reference_id":"RHSA-2025:8704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9136","reference_id":"RHSA-2025:9136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9562","reference_id":"RHSA-2025:9562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9562"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924155?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.42.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.42.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-22869","GHSA-hcg3-q754-cr77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmts-6kz4-zkh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95153?format=json","vulnerability_id":"VCID-et4d-ak3r-1bfa","summary":"httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\\..\\asd becomes ..\\..\\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30636","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40442","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40595","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40583","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.405","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40423","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40734","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4079","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40774","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40799","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40769","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40691","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30636"},{"reference_url":"https://go.dev/cl/408694","reference_id":"408694","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://go.dev/cl/408694"},{"reference_url":"https://go.dev/issue/53082","reference_id":"53082","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://go.dev/issue/53082"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2961","reference_id":"GO-2024-2961","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-03T13:57:10Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-2961"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924153?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20220829.c86fa9a-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20220829.c86fa9a-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2022-30636"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et4d-ak3r-1bfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29629?format=json","vulnerability_id":"VCID-hu5a-ewvg-6ya7","summary":"golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read\nSSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47914","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01345","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02667","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02656","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02695","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02639","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05682","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05659","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05652","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05688","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05637","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47914"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/721960","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://go.dev/cl/721960"},{"reference_url":"https://go.dev/issue/76364","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://go.dev/issue/76364"},{"reference_url":"https://go.googlesource.com/crypto","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto"},{"reference_url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47914","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47914"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4135","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:50:27Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4135"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091","reference_id":"1121091","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416000","reference_id":"2416000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924157?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.45.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.45.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47914","GHSA-f6x5-jh6r-wrfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hu5a-ewvg-6ya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29644?format=json","vulnerability_id":"VCID-jwxs-gteb-kfg5","summary":"golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption\nSSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58181","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11149","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13914","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13999","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25018","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25205","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25089","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25103","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25009","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25163","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/721961","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://go.dev/cl/721961"},{"reference_url":"https://go.dev/issue/76363","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://go.dev/issue/76363"},{"reference_url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58181","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58181"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4134","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-19T20:49:06Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4134"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092","reference_id":"1121092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415997","reference_id":"2415997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"},{"reference_url":"https://usn.ubuntu.com/7956-1/","reference_id":"USN-7956-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7956-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924157?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.45.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.45.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-58181","GHSA-j5w8-q4qc-rx2x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwxs-gteb-kfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20351?format=json","vulnerability_id":"VCID-jzn6-bzzf-nugp","summary":"Improper Validation of Integrity Check Value\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.","references":[{"reference_url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.97994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98002","published_at":"2026-05-07T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98005","published_at":"2026-05-09T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98128","published_at":"2026-04-12T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98124","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.58603","scoring_system":"epss","scoring_elements":"0.98219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.58603","scoring_system":"epss","scoring_elements":"0.98218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.61084","scoring_system":"epss","scoring_elements":"0.98316","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"},{"reference_url":"https://bugs.gentoo.org/920280","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugs.gentoo.org/920280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950"},{"reference_url":"https://crates.io/crates/thrussh/versions","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://crates.io/crates/thrussh/versions"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Mar/21","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"reference_url":"https://filezilla-project.org/versions.php","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://filezilla-project.org/versions.php"},{"reference_url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/mina-sshd/issues/445","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/apache/mina-sshd/issues/445"},{"reference_url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"},{"reference_url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"},{"reference_url":"https://github.com/cyd01/KiTTY/issues/520","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/cyd01/KiTTY/issues/520"},{"reference_url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"},{"reference_url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1"},{"reference_url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"},{"reference_url":"https://github.com/hierynomus/sshj/issues/916","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/hierynomus/sshj/issues/916"},{"reference_url":"https://github.com/janmojzis/tinyssh/issues/81","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/janmojzis/tinyssh/issues/81"},{"reference_url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"},{"reference_url":"https://github.com/libssh2/libssh2/pull/1291","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/libssh2/libssh2/pull/1291"},{"reference_url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"},{"reference_url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"},{"reference_url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"},{"reference_url":"https://github.com/mwiede/jsch/issues/457","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/issues/457"},{"reference_url":"https://github.com/mwiede/jsch/pull/461","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/pull/461"},{"reference_url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"},{"reference_url":"https://github.com/NixOS/nixpkgs/pull/275249","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/NixOS/nixpkgs/pull/275249"},{"reference_url":"https://github.com/openssh/openssh-portable/commits/master","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/openssh/openssh-portable/commits/master"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/paramiko/paramiko/issues/2337"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"},{"reference_url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/issues/456","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/issues/456"},{"reference_url":"https://github.com/rapier1/hpn-ssh/releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/rapier1/hpn-ssh/releases"},{"reference_url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"},{"reference_url":"https://github.com/ronf/asyncssh/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/tags"},{"reference_url":"https://github.com/ssh-mitm/ssh-mitm/issues/165","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ssh-mitm/ssh-mitm/issues/165"},{"reference_url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"},{"reference_url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"},{"reference_url":"https://github.com/warp-tech/russh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh"},{"reference_url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"},{"reference_url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2"},{"reference_url":"https://gitlab.com/libssh/libssh-mirror/-/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://gitlab.com/libssh/libssh-mirror/-/tags"},{"reference_url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"},{"reference_url":"https://go.dev/cl/550715","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/550715"},{"reference_url":"https://go.dev/issue/64784","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/64784"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"},{"reference_url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"},{"reference_url":"https://help.panic.com/releasenotes/transmit5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.panic.com/releasenotes/transmit5"},{"reference_url":"https://help.panic.com/releasenotes/transmit5/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://help.panic.com/releasenotes/transmit5/"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://matt.ucc.asn.au/dropbear/CHANGES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://matt.ucc.asn.au/dropbear/CHANGES"},{"reference_url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"},{"reference_url":"https://news.ycombinator.com/item?id=38684904","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38684904"},{"reference_url":"https://news.ycombinator.com/item?id=38685286","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38685286"},{"reference_url":"https://news.ycombinator.com/item?id=38732005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38732005"},{"reference_url":"https://nova.app/releases/#v11.8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nova.app/releases/#v11.8"},{"reference_url":"https://oryx-embedded.com/download/#changelog","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://oryx-embedded.com/download/#changelog"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"},{"reference_url":"https://roumenpetrov.info/secsh/#news20231220","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://roumenpetrov.info/secsh/#news20231220"},{"reference_url":"https://security.gentoo.org/glsa/202312-16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-16"},{"reference_url":"https://security.gentoo.org/glsa/202312-17","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/libssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/libssh2"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"},{"reference_url":"https://support.apple.com/kb/HT214084","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://support.apple.com/kb/HT214084"},{"reference_url":"https://twitter.com/TrueSkrillor/status/1736774389725565005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://twitter.com/TrueSkrillor/status/1736774389725565005"},{"reference_url":"https://winscp.net/eng/docs/history#6.2.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://winscp.net/eng/docs/history#6.2.2"},{"reference_url":"https://www.bitvise.com/ssh-client-version-history#933","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-client-version-history#933"},{"reference_url":"https://www.bitvise.com/ssh-server-version-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-server-version-history"},{"reference_url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"reference_url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"},{"reference_url":"https://www.debian.org/security/2023/dsa-5586","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5586"},{"reference_url":"https://www.debian.org/security/2023/dsa-5588","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5588"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"},{"reference_url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsarang.com/en/xshell-update-history"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.netsarang.com/en/xshell-update-history/"},{"reference_url":"https://www.openssh.com/openbsd.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/openbsd.html"},{"reference_url":"https://www.openssh.com/txt/release-9.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/txt/release-9.6"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"https://www.paramiko.org/changelog.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.paramiko.org/changelog.html"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"},{"reference_url":"https://www.terrapin-attack.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.terrapin-attack.com"},{"reference_url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh"},{"reference_url":"https://www.vandyke.com/products/securecrt/history.txt","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.vandyke.com/products/securecrt/history.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/18/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/06/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/17/8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001","reference_id":"1059001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002","reference_id":"1059002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003","reference_id":"1059003","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004","reference_id":"1059004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005","reference_id":"1059005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006","reference_id":"1059006","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007","reference_id":"1059007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058","reference_id":"1059058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144","reference_id":"1059144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290","reference_id":"1059290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294","reference_id":"1059294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/","reference_id":"33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/","reference_id":"3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/","reference_id":"3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/","reference_id":"6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/","reference_id":"BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/","reference_id":"C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","reference_id":"CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://access.redhat.com/security/cve/cve-2023-48795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-48795"},{"reference_url":"https://ubuntu.com/security/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://ubuntu.com/security/CVE-2023-48795"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit","reference_id":"CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability","reference_id":"CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://security.gentoo.org/glsa/202407-11","reference_id":"GLSA-202407-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-11"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202509-06","reference_id":"GLSA-202509-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-06"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/","reference_id":"HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/","reference_id":"I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","reference_id":"KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/","reference_id":"L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/","reference_id":"LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004/","reference_id":"ntap-20240105-0004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7197","reference_id":"RHSA-2023:7197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7198","reference_id":"RHSA-2023:7198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7201","reference_id":"RHSA-2023:7201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0040","reference_id":"RHSA-2024:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0429","reference_id":"RHSA-2024:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0455","reference_id":"RHSA-2024:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0499","reference_id":"RHSA-2024:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0538","reference_id":"RHSA-2024:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0594","reference_id":"RHSA-2024:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0606","reference_id":"RHSA-2024:0606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0625","reference_id":"RHSA-2024:0625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0628","reference_id":"RHSA-2024:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0766","reference_id":"RHSA-2024:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0789","reference_id":"RHSA-2024:0789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0843","reference_id":"RHSA-2024:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0880","reference_id":"RHSA-2024:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0954","reference_id":"RHSA-2024:0954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1130","reference_id":"RHSA-2024:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1150","reference_id":"RHSA-2024:1150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1192","reference_id":"RHSA-2024:1192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1193","reference_id":"RHSA-2024:1193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1196","reference_id":"RHSA-2024:1196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1197","reference_id":"RHSA-2024:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1210","reference_id":"RHSA-2024:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1557","reference_id":"RHSA-2024:1557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1859","reference_id":"RHSA-2024:1859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2728","reference_id":"RHSA-2024:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2735","reference_id":"RHSA-2024:2735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2768","reference_id":"RHSA-2024:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3479","reference_id":"RHSA-2024:3479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3918","reference_id":"RHSA-2024:3918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4010","reference_id":"RHSA-2024:4010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4151","reference_id":"RHSA-2024:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4329","reference_id":"RHSA-2024:4329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4479","reference_id":"RHSA-2024:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4484","reference_id":"RHSA-2024:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4662","reference_id":"RHSA-2024:4662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4955","reference_id":"RHSA-2024:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4959","reference_id":"RHSA-2024:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5200","reference_id":"RHSA-2024:5200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5432","reference_id":"RHSA-2024:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5433","reference_id":"RHSA-2024:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5438","reference_id":"RHSA-2024:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8235","reference_id":"RHSA-2024:8235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4664","reference_id":"RHSA-2025:4664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4664"},{"reference_url":"https://usn.ubuntu.com/6560-1/","reference_id":"USN-6560-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-1/"},{"reference_url":"https://usn.ubuntu.com/6560-2/","reference_id":"USN-6560-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-2/"},{"reference_url":"https://usn.ubuntu.com/6561-1/","reference_id":"USN-6561-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6561-1/"},{"reference_url":"https://usn.ubuntu.com/6585-1/","reference_id":"USN-6585-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6585-1/"},{"reference_url":"https://usn.ubuntu.com/6589-1/","reference_id":"USN-6589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6589-1/"},{"reference_url":"https://usn.ubuntu.com/6598-1/","reference_id":"USN-6598-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6598-1/"},{"reference_url":"https://usn.ubuntu.com/6738-1/","reference_id":"USN-6738-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6738-1/"},{"reference_url":"https://usn.ubuntu.com/7051-1/","reference_id":"USN-7051-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7051-1/"},{"reference_url":"https://usn.ubuntu.com/7292-1/","reference_id":"USN-7292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7292-1/"},{"reference_url":"https://usn.ubuntu.com/7297-1/","reference_id":"USN-7297-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7297-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924154?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.17.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.17.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2023-48795","GHSA-45x7-px36-x8w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14649?format=json","vulnerability_id":"VCID-mn45-w3s3-syej","summary":"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\nApplications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.\n\nThe documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.\n\nFor example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.\n\nSince this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.\n\nUsers should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45337","reference_id":"","reference_type":"","scores":[{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96718","published_at":"2026-05-09T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.9666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96692","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96678","published_at":"2026-04-08T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.9667","published_at":"2026-04-07T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96666","published_at":"2026-04-04T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96713","published_at":"2026-05-07T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.9671","published_at":"2026-05-05T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96701","published_at":"2026-04-26T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.30296","scoring_system":"epss","scoring_elements":"0.96699","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"},{"reference_url":"https://go.dev/cl/635315","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://go.dev/cl/635315"},{"reference_url":"https://go.dev/issue/70779","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://go.dev/issue/70779"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45337","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45337"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-3321","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/"}],"url":"https://pkg.go.dev/vuln/GO-2024-3321"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250131-0007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250131-0007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/11/2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/11/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754","reference_id":"1089754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331720","reference_id":"2331720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11037","reference_id":"RHSA-2024:11037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6121","reference_id":"RHSA-2024:6121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0370","reference_id":"RHSA-2025:0370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0385","reference_id":"RHSA-2025:0385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0386","reference_id":"RHSA-2025:0386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0390","reference_id":"RHSA-2025:0390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0444","reference_id":"RHSA-2025:0444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0445","reference_id":"RHSA-2025:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0485","reference_id":"RHSA-2025:0485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0522","reference_id":"RHSA-2025:0522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0535","reference_id":"RHSA-2025:0535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0536","reference_id":"RHSA-2025:0536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0552","reference_id":"RHSA-2025:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0560","reference_id":"RHSA-2025:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0576","reference_id":"RHSA-2025:0576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0577","reference_id":"RHSA-2025:0577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0645","reference_id":"RHSA-2025:0645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0649","reference_id":"RHSA-2025:0649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0653","reference_id":"RHSA-2025:0653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0676","reference_id":"RHSA-2025:0676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0679","reference_id":"RHSA-2025:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0723","reference_id":"RHSA-2025:0723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0778","reference_id":"RHSA-2025:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0785","reference_id":"RHSA-2025:0785","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0785"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0839","reference_id":"RHSA-2025:0839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0851","reference_id":"RHSA-2025:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0892","reference_id":"RHSA-2025:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10771","reference_id":"RHSA-2025:10771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1285","reference_id":"RHSA-2025:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1287","reference_id":"RHSA-2025:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1289","reference_id":"RHSA-2025:1289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1322","reference_id":"RHSA-2025:1322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1324","reference_id":"RHSA-2025:1324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1325","reference_id":"RHSA-2025:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1326","reference_id":"RHSA-2025:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1327","reference_id":"RHSA-2025:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1331","reference_id":"RHSA-2025:1331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1332","reference_id":"RHSA-2025:1332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1333","reference_id":"RHSA-2025:1333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1448","reference_id":"RHSA-2025:1448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1451","reference_id":"RHSA-2025:1451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15680","reference_id":"RHSA-2025:15680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16160","reference_id":"RHSA-2025:16160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16165","reference_id":"RHSA-2025:16165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1710","reference_id":"RHSA-2025:1710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17232","reference_id":"RHSA-2025:17232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17657","reference_id":"RHSA-2025:17657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17690","reference_id":"RHSA-2025:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1824","reference_id":"RHSA-2025:1824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1829","reference_id":"RHSA-2025:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1841","reference_id":"RHSA-2025:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1845","reference_id":"RHSA-2025:1845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1847","reference_id":"RHSA-2025:1847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1848","reference_id":"RHSA-2025:1848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1849","reference_id":"RHSA-2025:1849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19306","reference_id":"RHSA-2025:19306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22182","reference_id":"RHSA-2025:22182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22287","reference_id":"RHSA-2025:22287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23061","reference_id":"RHSA-2025:23061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23064","reference_id":"RHSA-2025:23064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2588","reference_id":"RHSA-2025:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2652","reference_id":"RHSA-2025:2652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2903","reference_id":"RHSA-2025:2903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2933","reference_id":"RHSA-2025:2933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3069","reference_id":"RHSA-2025:3069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3542","reference_id":"RHSA-2025:3542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3560","reference_id":"RHSA-2025:3560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8244","reference_id":"RHSA-2025:8244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2681","reference_id":"RHSA-2026:2681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://usn.ubuntu.com/7839-1/","reference_id":"USN-7839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7839-1/"},{"reference_url":"https://usn.ubuntu.com/7839-2/","reference_id":"USN-7839-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7839-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924155?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.42.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.42.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2024-45337","GHSA-v778-237x-gjrc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn45-w3s3-syej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52120?format=json","vulnerability_id":"VCID-n34c-71wq-s3e4","summary":"x/crypto/ssh vulnerable to panic via malformed packets\nThe x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43565","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03304","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03265","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03272","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03142","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0317","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03261","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03233","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03227","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07397","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09465","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09309","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/368814","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/368814"},{"reference_url":"https://go.dev/issues/49932","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issues/49932"},{"reference_url":"https://groups.google.com/forum/#!forum/golang-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!forum/golang-announce"},{"reference_url":"https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43565","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43565"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0968","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030787","reference_id":"2030787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1276","reference_id":"RHSA-2022:1276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1361","reference_id":"RHSA-2022:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1372","reference_id":"RHSA-2022:1372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5068","reference_id":"RHSA-2022:5068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5069","reference_id":"RHSA-2022:5069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5188","reference_id":"RHSA-2022:5188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5673","reference_id":"RHSA-2022:5673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8938","reference_id":"RHSA-2022:8938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2944","reference_id":"RHSA-2024:2944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2944"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924151?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20211202.5770296-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20211202.5770296-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2021-43565","GHSA-gwc9-m7rh-j2ww"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n34c-71wq-s3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66475?format=json","vulnerability_id":"VCID-sty6-gwh1-hbcy","summary":"golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47913","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01899","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02017","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02031","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04957","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04864","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04913","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0592","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11696","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11751","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11824","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47913"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414943","reference_id":"2414943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414943"},{"reference_url":"https://go.dev/cl/700295","reference_id":"700295","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://go.dev/cl/700295"},{"reference_url":"https://go.dev/issue/75178","reference_id":"75178","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://go.dev/issue/75178"},{"reference_url":"https://github.com/advisories/GHSA-56w8-48fp-6mgv","reference_id":"GHSA-56w8-48fp-6mgv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://github.com/advisories/GHSA-56w8-48fp-6mgv"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4116","reference_id":"GO-2025-4116","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:47:44Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22743","reference_id":"RHSA-2025:22743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22955","reference_id":"RHSA-2025:22955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23028","reference_id":"RHSA-2025:23028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23059","reference_id":"RHSA-2025:23059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23060","reference_id":"RHSA-2025:23060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23061","reference_id":"RHSA-2025:23061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23064","reference_id":"RHSA-2025:23064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23176","reference_id":"RHSA-2025:23176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23546","reference_id":"RHSA-2025:23546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0436","reference_id":"RHSA-2026:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0437","reference_id":"RHSA-2026:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0470","reference_id":"RHSA-2026:0470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0527","reference_id":"RHSA-2026:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0545","reference_id":"RHSA-2026:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0753","reference_id":"RHSA-2026:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1018","reference_id":"RHSA-2026:1018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10703","reference_id":"RHSA-2026:10703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1084","reference_id":"RHSA-2026:1084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11749","reference_id":"RHSA-2026:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12030","reference_id":"RHSA-2026:12030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13431","reference_id":"RHSA-2026:13431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13450","reference_id":"RHSA-2026:13450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13630","reference_id":"RHSA-2026:13630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14868","reference_id":"RHSA-2026:14868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2136","reference_id":"RHSA-2026:2136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2454","reference_id":"RHSA-2026:2454","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2922","reference_id":"RHSA-2026:2922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3122","reference_id":"RHSA-2026:3122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3827","reference_id":"RHSA-2026:3827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4532","reference_id":"RHSA-2026:4532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4693","reference_id":"RHSA-2026:4693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5167","reference_id":"RHSA-2026:5167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5222","reference_id":"RHSA-2026:5222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6503","reference_id":"RHSA-2026:6503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8325","reference_id":"RHSA-2026:8325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8325"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924156?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.43.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47913"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sty6-gwh1-hbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30852?format=json","vulnerability_id":"VCID-t5dk-qg2g-3qhp","summary":"golang.org/x/crypto/ssh Man-in-the-Middle attack\nThe Go SSH library (golang.org/x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks if ClientConfig.HostKeyCallback is not set. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63766","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63761","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63794","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6368","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6374","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63836","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6382","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63822","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.6381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63793","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00453","scoring_system":"epss","scoring_elements":"0.63797","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3204"},{"reference_url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security"},{"reference_url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/","reference_id":"","reference_type":"","scores":[],"url":"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3204"},{"reference_url":"https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"},{"reference_url":"https://github.com/golang/go/issues/19767","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go/issues/19767"},{"reference_url":"https://go.dev/cl/340830","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/340830"},{"reference_url":"https://go.dev/cl/38701","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/38701"},{"reference_url":"https://go.dev/issue/19767","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/19767"},{"reference_url":"https://godoc.org/golang.org/x/crypto/ssh","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://godoc.org/golang.org/x/crypto/ssh"},{"reference_url":"https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3204"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0013"},{"reference_url":"https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170423080311/https://www.securityfocus.com/bid/97481"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3204"},{"reference_url":"http://www.securityfocus.com/bid/97481","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97481"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439748","reference_id":"1439748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655","reference_id":"859655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924146?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%252BREALLY.0.0~git20161012.0.5f31782-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2017-3204","GHSA-xhjq-w7xm-p8qj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5dk-qg2g-3qhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57463?format=json","vulnerability_id":"VCID-zvd3-3b1h-77ef","summary":"Golang/x/crypto message forgery vulnerability\nA message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional \"Hash\" Armor Headers. The \"Hash\" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.","references":[{"reference_url":"http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6063","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60526","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60525","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60498","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60423","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60572","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60567","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6058","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60559","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60543","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60494","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11841"},{"reference_url":"https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442"},{"reference_url":"https://github.com/golang/crypto/tree/master/openpgp/clearsign","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/tree/master/openpgp/clearsign"},{"reference_url":"https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442"},{"reference_url":"https://go-review.git.corp.google.com/c/crypto/+/173778","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go-review.git.corp.google.com/c/crypto/+/173778"},{"reference_url":"https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11841"},{"reference_url":"https://pkg.go.dev/vuln/GO-2023-1992","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2023-1992"},{"reference_url":"https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924150?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11841","GHSA-x3jr-pf6g-c48f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvd3-3b1h-77ef"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"}