Golang

Crypto

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.36%
  • Veröffentlicht 22.05.2026 02:31:26
  • Zuletzt bearbeitet 28.05.2026 15:04:39

The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effe...

  • EPSS 0.39%
  • Veröffentlicht 22.05.2026 02:31:26
  • Zuletzt bearbeitet 09.07.2026 13:17:03

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks ar...

  • EPSS 0.36%
  • Veröffentlicht 22.05.2026 02:31:26
  • Zuletzt bearbeitet 28.05.2026 14:44:17

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

  • EPSS 0.48%
  • Veröffentlicht 19.11.2025 20:33:43
  • Zuletzt bearbeitet 11.12.2025 19:36:41

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

  • EPSS 0.53%
  • Veröffentlicht 19.11.2025 20:33:42
  • Zuletzt bearbeitet 11.12.2025 19:29:24

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Exploit
  • EPSS 0.59%
  • Veröffentlicht 13.11.2025 21:29:39
  • Zuletzt bearbeitet 09.01.2026 15:32:12

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

  • EPSS 3.15%
  • Veröffentlicht 12.12.2024 02:02:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this fu...

  • EPSS 0.63%
  • Veröffentlicht 02.07.2024 20:15:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user t...

Medienbericht Exploit
  • EPSS 93.31%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 12.05.2026 11:16:15

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

Exploit
  • EPSS 2%
  • Veröffentlicht 22.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:52

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain...