Vulnerabilities
Vulnerable Software
Golang:  >> Crypto  >> 0.18.0  Security Vulnerabilities
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
CVSS Score
9.1
EPSS Score
0.005
Published
2026-05-22
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.
CVSS Score
9.1
EPSS Score
0.005
Published
2026-05-22
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-22
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
CVSS Score
5.3
EPSS Score
0.005
Published
2025-11-19
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
CVSS Score
5.3
EPSS Score
0.005
Published
2025-11-19
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
CVSS Score
8.1
EPSS Score
0.032
Published
2017-04-04


Contact Us

Shodan ® - All rights reserved