CVE-2021-43565
Description
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated clients can panic Go SSH servers by sending a malformed packet with empty plaintext, leading to denial of service.
Vulnerability
Description
The vulnerability resides in the golang.org/x/crypto/ssh package before version v0.0.0-20211202192323-5770296d904e. When using AES-GCM or ChaCha20Poly1305 encryption modes, the SSH server assumes that a decrypted packet will always contain at least one byte (the padding length). A specially crafted packet with empty plaintext violates this assumption, causing a nil pointer dereference or index-out-of-range panic [3][4].
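The length assumption described above, modeled as an added Go example (not the x/crypto/ssh source and not code from the advisory): an AES-GCM open of a zero-length plaintext succeeds, the unchecked parser panics on the result, and the checked parser returns an error. The function names, error strings and all-zero key are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// unsafePayload models the flawed assumption (not the x/crypto/ssh source):
// plaintext is padding_length (1 byte) || payload || padding, never empty.
func unsafePayload(plain []byte) []byte {
	padding := int(plain[0]) // index out of range when len(plain) == 0
	return plain[1 : len(plain)-padding]
}

// safePayload validates lengths before indexing and returns an error instead.
func safePayload(plain []byte) ([]byte, error) {
	if len(plain) == 0 {
		return nil, errors.New("empty packet plaintext")
	}
	padding := int(plain[0])
	if padding+1 > len(plain) {
		return nil, errors.New("padding exceeds packet length")
	}
	return plain[1 : len(plain)-padding], nil
}

// openEmpty seals and opens a zero-length plaintext: the tag verifies, no bytes result.
func openEmpty() ([]byte, error) {
	block, err := aes.NewCipher(make([]byte, 16)) // constructed all-zero key
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	return gcm.Open(nil, nonce, gcm.Seal(nil, nonce, nil, nil), nil)
}

// panics reports whether f panicked, recovering so the caller survives.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	plain, _ := openEmpty()
	_, err := safePayload(plain)
	fmt.Println(len(plain), panics(func() { unsafePayload(plain) }), err)
}
```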
Exploitation
An unauthenticated attacker can trigger the panic by sending a malformed SSH transport layer packet during the key exchange or any subsequent encrypted phase. No prior authentication or special network position is required; the attacker only needs to establish a TCP connection to the SSH server and send the crafted packet [3].
Impact
Successful exploitation results in a panic of the SSH server process, leading to a denial of service (DoS). The server becomes unavailable for legitimate connections until restarted. Since the panic occurs before any authentication, the attack can be launched by any client that can reach the SSH port [3][4].
Mitigation
The fix was released in commit 5770296d904e and is included in golang.org/x/crypto version v0.0.0-20211202192323-5770296d904e and later. Users should update their dependency to this version or newer. The Go security team has also published a vulnerability entry (GO-2022-0968) tracking this issue [2][3].
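One way to check a go.mod against the patched pseudo-version named above, as an added example (not a tool from the Go project). It assumes every tagged x/crypto release (v0.1.0 and later) postdates the fix; the sample go.mod and the function names are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const (
	cryptoModule = "golang.org/x/crypto"
	fixTimestamp = "20211202192323" // from the patched pseudo-version
	pseudoPrefix = "v0.0.0-"
)

// sampleGoMod is a constructed go.mod used only for this demonstration.
const sampleGoMod = `module example.test/app

go 1.17

require (
	golang.org/x/crypto v0.0.0-20210101000000-aaaaaaaaaaaa // indirect
)
`

// isPatched compares a version with the patched pseudo-version.
// Assumption: tagged x/crypto releases (v0.1.0 and later) all postdate the
// fix, so only v0.0.0-<timestamp>-<commit> versions need a comparison.
func isPatched(version string) bool {
	if !strings.HasPrefix(version, pseudoPrefix) {
		return true
	}
	ts := strings.SplitN(strings.TrimPrefix(version, pseudoPrefix), "-", 2)[0]
	// Fixed-width yyyymmddhhmmss: string order equals time order.
	return len(ts) == len(fixTimestamp) && ts >= fixTimestamp
}

// checkGoMod returns the required x/crypto version and whether it is patched.
// found is false when go.mod has no direct or indirect requirement on it.
func checkGoMod(gomod string) (version string, patched, found bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require ")
		if f := strings.Fields(line); len(f) >= 2 && f[0] == cryptoModule {
			return f[1], isPatched(f[1]), true
		}
	}
	return "", false, false
}

func main() {
	v, patched, found := checkGoMod(sampleGoMod)
	fmt.Printf("found=%v version=%s patched=%v\n", found, v, patched)
}
```

go.mod records the minimum required version; `replace` directives and vendored copies can change what is actually built, so confirm the result against the resolved build list from `go list -m all`.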
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| golang.org/x/crypto (Go) | < 0.0.0-20211202192323-5770296d904e | 0.0.0-20211202192323-5770296d904e |
Affected products
142 products
- golang.org/x/crypto: x/crypto/ssh (source: description)
- osv-coords: 141 versions
References
- github.com/advisories/GHSA-gwc9-m7rh-j2ww (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-43565 (ghsa, ADVISORY)
- go.dev/cl/368814 (ghsa, WEB)
- go.dev/issues/49932 (ghsa, WEB)
- groups.google.com/forum/ (ghsa, WEB)
- groups.google.com/forum/ (mitre, x_refsource_MISC)
- groups.google.com/g/golang-announce/c/2AR1sKiM-Qs (ghsa, x_refsource_CONFIRM, WEB)
- pkg.go.dev/vuln/GO-2022-0968 (ghsa, WEB)