{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47250?format=json","vulnerability_id":"VCID-37zk-9fax-v7e1","summary":"Improper Verification of Cryptographic Signature in golang.org/x/crypto\ngolang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.","aliases":[{"alias":"CVE-2020-9283"},{"alias":"GHSA-ffhg-7mh4-33c4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/924150?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20200221.2aa609c-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924147?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/994457?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n1h-e2p4-9yhs"},{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-et4d-ak3r-1bfa"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-n34c-71wq-s3e4"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/924145?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924149?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cmts-6kz4-zkh8"},{"vulnerability":"VCID-hu5a-ewvg-6ya7"},{"vulnerability":"VCID-jwxs-gteb-kfg5"},{"vulnerability":"VCID-mn45-w3s3-syej"},{"vulnerability":"VCID-sty6-gwh1-hbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924148?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076070?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051175?format=json","purl":"pkg:deb/debian/golang-go.crypto@0.0~hg190-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-t5dk-qg2g-3qhp"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@0.0~hg190-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051176?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20150608-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-t5dk-qg2g-3qhp"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20150608-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051177?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-t5dk-qg2g-3qhp"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051178?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-t5dk-qg2g-3qhp"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20161012.0.5f31782-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051179?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-t5dk-qg2g-3qhp"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%252BREALLY.0.0~git20161012.0.5f31782-1~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051180?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%2BREALLY.0.0~git20161012.0.5f31782-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20170407.0.55a552f%252BREALLY.0.0~git20161012.0.5f31782-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1057302?format=json","purl":"pkg:deb/debian/golang-go.crypto@1:0.0~git20181203.505ab14-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-3tpx-rnju-w3dw"},{"vulnerability":"VCID-andp-4snd-rbbt"},{"vulnerability":"VCID-zvd3-3b1h-77ef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20181203.505ab14-1"},{"url":"http://public2.vulnerablecode.io/api/packages/102889?format=json","purl":"pkg:rpm/redhat/ior@1.1.6-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ior@1.1.6-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/102884?format=json","purl":"pkg:rpm/redhat/kiali@1.12.10.redhat2-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kiali@1.12.10.redhat2-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/102810?format=json","purl":"pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-fbzn-vujj-pud5"},{"vulnerability":"VCID-jwt2-1eqe-qyfq"},{"vulnerability":"VCID-tc46-9vdm-xudz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104029?format=json","purl":"pkg:rpm/redhat/openshift-clients@4.3.31-202007250052.p0.git.3329.59998b9?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-clients@4.3.31-202007250052.p0.git.3329.59998b9%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/102893?format=json","purl":"pkg:rpm/redhat/servicemesh@1.1.6-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@1.1.6-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/102885?format=json","purl":"pkg:rpm/redhat/servicemesh-cni@1.1.6-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-cni@1.1.6-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/102891?format=json","purl":"pkg:rpm/redhat/servicemesh-grafana@6.4.3-13?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-grafana@6.4.3-13%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/102892?format=json","purl":"pkg:rpm/redhat/servicemesh-operator@1.1.6-2?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-operator@1.1.6-2%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/102888?format=json","purl":"pkg:rpm/redhat/servicemesh-prometheus@2.14.0-14?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37zk-9fax-v7e1"},{"vulnerability":"VCID-44qf-p2rd-6qay"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-n82z-sfd6-x3af"},{"vulnerability":"VCID-sx44-1d9e-bban"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-prometheus@2.14.0-14%3Farch=el8"}],"references":[{"reference_url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95349","published_at":"2026-05-16T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95239","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95254","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95266","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95274","published_at":"2026-04-11T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95275","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.9529","published_at":"2026-04-18T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95308","published_at":"2026-05-05T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95313","published_at":"2026-05-07T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95322","published_at":"2026-05-09T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95328","published_at":"2026-05-11T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95334","published_at":"2026-05-12T12:55:00Z"},{"value":"0.18682","scoring_system":"epss","scoring_elements":"0.95347","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283"},{"reference_url":"https://github.com/golang/crypto","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto"},{"reference_url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://go.dev/cl/220357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/220357"},{"reference_url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236"},{"reference_url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"},{"reference_url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/3L45YRc91SY"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9283"},{"reference_url":"https://pkg.go.dev/vuln/GO-2020-0012","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2020-0012"},{"reference_url":"https://www.exploit-db.com/exploits/48121","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/48121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533","reference_id":"1804533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1804533"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462","reference_id":"952462","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py","reference_id":"CVE-2020-9283","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2412","reference_id":"RHSA-2020:2412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2413","reference_id":"RHSA-2020:2413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2789","reference_id":"RHSA-2020:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2790","reference_id":"RHSA-2020:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2793","reference_id":"RHSA-2020:2793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2878","reference_id":"RHSA-2020:2878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3078","reference_id":"RHSA-2020:3078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3369","reference_id":"RHSA-2020:3369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3370","reference_id":"RHSA-2020:3370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3372","reference_id":"RHSA-2020:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3414","reference_id":"RHSA-2020:3414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3809","reference_id":"RHSA-2020:3809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1129","reference_id":"RHSA-2021:1129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1129"}],"weaknesses":[{"cwe_id":347,"name":"Improper Verification of Cryptographic Signature","description":"The product does not verify, or incorrectly verifies, the cryptographic signature for data."},{"cwe_id":130,"name":"Improper Handling of Length Parameter Inconsistency","description":"The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data."}],"exploits":[{"date_added":"2020-02-24","description":"Go SSH servers 0.0.2 - Denial of Service (PoC)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2020-02-24","exploit_type":"dos","platform":"linux","source_date_updated":"2020-02-24","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"7.0 - 8.9","exploitability":"2.0","weighted_severity":"8.0","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1"}