​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-qvj2-wprq-pwfh

Published

Last updated

https://images.chainguard.dev/security/CGA-qvj2-wprq-pwfh
Package

k3d

Latest Update
Fixed
Fixed Version

5.6.0-r11

Aliases
  • CVE-2020-9283
  • GHSA-ffhg-7mh4-33c4

Severity

7.5

High

CVSS V3

Summary

Improper Verification of Cryptographic Signature in golang.org/x/crypto

Description

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation