VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kwsu-jrtp-aaaq

Essentials
Severities (102)
References (29)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-kwsu-jrtp-aaaq
Aliases	CVE-2021-43565 GHSA-gwc9-m7rh-j2ww
Summary	The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

Improper Input Validation

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0595
rhas	Important	https://access.redhat.com/errata/RHSA-2022:0735
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1081
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1276
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1361
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1372
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1476
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1681
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4956
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5068
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5069
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5188
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5201
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5673
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00081	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2021-43565
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2030787
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://go.dev/cl/368814
generic_textual	HIGH	https://go.dev/cl/368814
cvssv3.1	7.5	https://go.dev/issues/49932
generic_textual	HIGH	https://go.dev/issues/49932
cvssv3.1	7.5	https://groups.google.com/forum/#!forum/golang-announce
generic_textual	HIGH	https://groups.google.com/forum/#!forum/golang-announce
cvssv3.1	7.5	https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
generic_textual	HIGH	https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-43565
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-43565
cvssv3.1	7.5	https://pkg.go.dev/vuln/GO-2022-0968
generic_textual	HIGH	https://pkg.go.dev/vuln/GO-2022-0968

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-43565
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43565
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://go.dev/cl/368814
		https://go.dev/issues/49932
		https://groups.google.com/forum/#%21forum/golang-announce
		https://groups.google.com/forum/#!forum/golang-announce
		https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs
		https://pkg.go.dev/vuln/GO-2022-0968
2030787		https://bugzilla.redhat.com/show_bug.cgi?id=2030787
cpe:2.3:a:golang:ssh::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:ssh::::::::
CVE-2021-43565		https://nvd.nist.gov/vuln/detail/CVE-2021-43565
RHSA-2022:0595		https://access.redhat.com/errata/RHSA-2022:0595
RHSA-2022:0735		https://access.redhat.com/errata/RHSA-2022:0735
RHSA-2022:1081		https://access.redhat.com/errata/RHSA-2022:1081
RHSA-2022:1276		https://access.redhat.com/errata/RHSA-2022:1276
RHSA-2022:1361		https://access.redhat.com/errata/RHSA-2022:1361
RHSA-2022:1372		https://access.redhat.com/errata/RHSA-2022:1372
RHSA-2022:1476		https://access.redhat.com/errata/RHSA-2022:1476
RHSA-2022:1681		https://access.redhat.com/errata/RHSA-2022:1681
RHSA-2022:4956		https://access.redhat.com/errata/RHSA-2022:4956
RHSA-2022:5068		https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:5069		https://access.redhat.com/errata/RHSA-2022:5069
RHSA-2022:5188		https://access.redhat.com/errata/RHSA-2022:5188
RHSA-2022:5201		https://access.redhat.com/errata/RHSA-2022:5201
RHSA-2022:5673		https://access.redhat.com/errata/RHSA-2022:5673
RHSA-2022:8938		https://access.redhat.com/errata/RHSA-2022:8938
RHSA-2024:2944		https://access.redhat.com/errata/RHSA-2024:2944

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43565.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/cl/368814

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/issues/49932

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/golang-announce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43565

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43565

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2022-0968

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.01076
EPSS Score	0.00012
Published At	April 17, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.