зеркало из https://github.com/golang/vulndb.git
27 строки
826 B
YAML
27 строки
826 B
YAML
modules:
|
|
- module: golang.org/x/crypto
|
|
versions:
|
|
- fixed: 0.0.0-20170330155735-e4e2799dd7aa
|
|
vulnerable_at: 0.0.0-20170317163734-459e26527287
|
|
packages:
|
|
- package: golang.org/x/crypto/ssh
|
|
symbols:
|
|
- NewClientConn
|
|
derived_symbols:
|
|
- Dial
|
|
description: |
|
|
By default host key verification is disabled which allows for
|
|
man-in-the-middle attacks against SSH clients if
|
|
ClientConfig.HostKeyCallback is not set.
|
|
published: 2021-04-14T20:04:52Z
|
|
cves:
|
|
- CVE-2017-3204
|
|
ghsas:
|
|
- GHSA-xhjq-w7xm-p8qj
|
|
credit: Phil Pennock
|
|
references:
|
|
- fix: https://go.dev/cl/340830
|
|
- fix: https://go.googlesource.com/crypto/+/e4e2799dd7aab89f583e1d898300d96367750991
|
|
- report: https://go.dev/issue/19767
|
|
- web: https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/
|