Vulnerability details: VCID-4rha-xvqa-qbh9
Vulnerability ID VCID-4rha-xvqa-qbh9
Aliases CVE-2021-43565
GHSA-gwc9-m7rh-j2ww
Summary x/crypto/ssh vulnerable to panic via malformed packets. The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2021-43565
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://go.dev/cl/368814
generic_textual HIGH https://go.dev/cl/368814
cvssv3.1 7.5 https://go.dev/issues/49932
generic_textual HIGH https://go.dev/issues/49932
cvssv3.1 7.5 https://groups.google.com/forum/#!forum/golang-announce
generic_textual HIGH https://groups.google.com/forum/#!forum/golang-announce
cvssv3.1 7.5 https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
generic_textual HIGH https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43565
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-43565
cvssv3.1 7.5 https://pkg.go.dev/vuln/GO-2022-0968
generic_textual HIGH https://pkg.go.dev/vuln/GO-2022-0968
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json
https://api.first.org/data/v1/epss?cve=CVE-2021-43565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/368814
https://go.dev/issues/49932
https://groups.google.com/forum/#%21forum/golang-announce
https://groups.google.com/forum/#!forum/golang-announce
https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
https://nvd.nist.gov/vuln/detail/CVE-2021-43565
https://pkg.go.dev/vuln/GO-2022-0968
2030787 https://bugzilla.redhat.com/show_bug.cgi?id=2030787
cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*
RHSA-2022:0595 https://access.redhat.com/errata/RHSA-2022:0595
RHSA-2022:0735 https://access.redhat.com/errata/RHSA-2022:0735
RHSA-2022:1081 https://access.redhat.com/errata/RHSA-2022:1081
RHSA-2022:1276 https://access.redhat.com/errata/RHSA-2022:1276
RHSA-2022:1361 https://access.redhat.com/errata/RHSA-2022:1361
RHSA-2022:1372 https://access.redhat.com/errata/RHSA-2022:1372
RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476
RHSA-2022:1681 https://access.redhat.com/errata/RHSA-2022:1681
RHSA-2022:4956 https://access.redhat.com/errata/RHSA-2022:4956
RHSA-2022:5068 https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069
RHSA-2022:5188 https://access.redhat.com/errata/RHSA-2022:5188
RHSA-2022:5201 https://access.redhat.com/errata/RHSA-2022:5201
RHSA-2022:5673 https://access.redhat.com/errata/RHSA-2022:5673
RHSA-2022:8938 https://access.redhat.com/errata/RHSA-2022:8938
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/cl/368814
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/issues/49932
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/golang-announce
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43565
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2022-0968
Exploit Prediction Scoring System (EPSS)
Percentile 0.01276
EPSS Score 0.00013
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:00:00.863355+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-gwc9-m7rh-j2ww/GHSA-gwc9-m7rh-j2ww.json 37.0.0