All vulnerabilities

CVE-2021-43565

Panic on malformed packets in golang.org/x/crypto/ssh

Description

Unauthenticated clients can cause a panic in SSH servers.

When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
7.5
Severity
High
Ecosystem
GO
Publish Date
September 12, 2022
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions