CVE编号
CVE-2022-27191利用情况
暂无补丁情况
N/A披露时间
2022-03-18漏洞描述
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://groups.google.com/g/golang-announce | |
| https://groups.google.com/g/golang-announce/c/-cp44ypCT5s |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | golang | go | * |
Up to (including) 1.16.15 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | golang | go | * |
From (including) 1.17.0 |
Up to (including) 1.17.8 |
||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | go | * |
Up to (excluding) 1.16.15-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | podman | * |
Up to (excluding) 3.4.6-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | golang-go.crypto | * |
Up to (excluding) 0.0~git20181203.505ab14-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | golang-go.crypto | * |
Up to (excluding) 0.0~git20201221.eec23a3-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | golang-go.crypto | * |
Up to (excluding) 0.0~git20211202.5770296-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | golang-go.crypto | * |
Up to (excluding) 0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_34 | golang-go.crypto | * |
Up to (excluding) 0-0.43.20220412git7b82a4e.fc34 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_35 | golang-go.crypto | * |
Up to (excluding) 0-0.43.20220412git7b82a4e.fc35 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_36 | golang-go.crypto | * |
Up to (excluding) 0-0.43.20220412git7b82a4e.fc36 |
|||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
还没有评论,来说两句吧...