High severityNVD Advisory· Published Dec 17, 2020· Updated Aug 4, 2024
CVE-2020-29652
CVE-2020-29652
Description
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/cryptoGo | < 0.0.0-20201216223049-8b5274cf687f | 0.0.0-20201216223049-8b5274cf687f |
Affected products
20- osv-coords20 versionspkg:apk/chainguard/dex-k8s-authenticatorpkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:golang/golang.org/x/cryptopkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/python3-criupkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/udicapkg:rpm/opensuse/velero&distro=openSUSE%20Tumbleweed
< 0+ 19 more
- (no CPE)range: < 0
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 0.0.0-20201216223049-8b5274cf687f
- (no CPE)range: < 29-2.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 2:2.0.26-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 0.9.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.4.0-2.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 4.3.1-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 3.15-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.1.8-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 0.2.4-1.module_el8.6.0+2876+9ed4eae2
- (no CPE)range: < 1.7.1-1.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-3vm4-22fp-5rfmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-29652ghsaADVISORY
- go-review.googlesource.com/c/crypto/+/278852ghsax_refsource_MISCWEB
- go.dev/cl/278852ghsaWEB
- go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8ghsaWEB
- groups.google.com/g/golang-announce/c/ouZIlBimOsEghsax_refsource_MISCWEB
- lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3EghsaWEB
- pkg.go.dev/vuln/GO-2021-0227ghsaWEB
News mentions
0No linked articles in our index yet.