[GO-2023-2402] Man-in-the-middle attacker can compromise integrity of secure channel in
golang.org/x/crypto
Severity
Medium
Affected Packages
1
Fixed Packages
1
CVEs
1
A protocol weakness allows a MITM attacker to compromise the integrity of the
secure channel before it is established, allowing the attacker to prevent
transmission of a number of messages immediately after the secure channel is
established without either side being aware.
The impact of this attack is relatively limited, as it does not compromise
confidentiality of the channel. Notably this attack would allow an attacker to
prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful
of newer security features.
This protocol weakness was also fixed in OpenSSH 9.6.
| Package | Affected Version |
|---|---|
 pkg:golang/golang.org/x/crypto/ssh
|
>= 0.16.0, < 0.17.0 |
| Package | Fixed Version |
|---|---|
|
pkg:golang/golang.org/x/crypto/ssh
|
= 0.17.0 |
- ID
- GO-2023-2402
- Severity
- medium
- Severity from
- CVE-2023-48795
- URL
- https://pkg.go.dev/vuln/GO-2023-2402
- Published
-
2023-12-18T18:34:01
(9 months ago) - Modified
-
2024-05-14T19:19:00
(4 months ago) - Other Advisories
-
-
ALAS-2023-1898
-
ALAS2-2023-2376
-
ALPINE:CVE-2023-48795
-
ALSA-2024:0606
-
ALSA-2024:0628
-
ALSA-2024:1130
-
ALSA-2024:1150
-
DSA-5586-1
-
DSA-5588-1
-
DSA-5591-1
-
DSA-5599-1
-
DSA-5600-1
-
DSA-5601-1
-
DSA-5750-1
-
ELSA-2024-0606
-
ELSA-2024-0628
-
ELSA-2024-1130
-
ELSA-2024-1150
-
ELSA-2024-12157
-
ELSA-2024-12158
-
ELSA-2024-12164
-
ELSA-2024-12232
-
ELSA-2024-12233
-
ELSA-2024-2988
-
FEDORA-2023-0733306be9
-
FEDORA-2023-153404713b
-
FEDORA-2023-20feb865d8
-
FEDORA-2023-55800423a8
-
FEDORA-2023-b87ec6cf47
-
FEDORA-2023-cb8c606fbb
-
FEDORA-2023-e77300e4b5
-
FEDORA-2024-06ebb70bdd
-
FEDORA-2024-2705241461
-
FEDORA-2024-37627e432e
-
FEDORA-2024-39a8c72ea9
-
FEDORA-2024-3bb23c77f3
-
FEDORA-2024-3fd1bc9276
-
FEDORA-2024-71c2c6526c
-
FEDORA-2024-7b08207cdb
-
FEDORA-2024-7e301327c2
-
FEDORA-2024-a53b24023d
-
FEDORA-2024-ae653fb07b
-
FEDORA-2024-d946b9ad25
-
FEDORA-2024-fb32950d11
-
FREEBSD:0F7598CC-9FE2-11EE-B47F-901B0E9408DC
-
FREEBSD:13D83980-9F18-11EE-8E38-002590C1F29C
-
FREEBSD:4EBDD56B-FE72-11EE-BC57-00E081B7AA2D
-
FREEBSD:91955195-9EBB-11EE-BC14-A703705DB3A6
-
FREEBSD:B5E22EC5-BC4B-11EE-B0B5-B42E991FC52E
-
GLSA-202312-16
-
GLSA-202312-17
-
GLSA-202407-11
-
GLSA-202407-12
-
JENKINS:SECURITY-3333
-
JENKINS:SECURITY-3386
-
openSUSE-SU-2023:0411-1
-
openSUSE-SU-2023:0421-1
-
openSUSE-SU-2024:0005-1
-
openSUSE-SU-2024:0008-1
-
openSUSE-SU-2024:0036-1
-
RHBA-2024:1127
-
RHBA-2024:1136
-
RHSA-2024:0606
-
RHSA-2024:0628
-
RHSA-2024:1130
-
RHSA-2024:1150
-
RHSA-2024:2988
-
RLSA-2024:0606
-
RLSA-2024:0628
-
SSA:2023-353-01
-
SSA:2023-354-01
-
SUSE-SU-2023:4902-1
-
SUSE-SU-2023:4903-1
-
SUSE-SU-2023:4904-1
-
SUSE-SU-2023:4905-1
-
SUSE-SU-2023:4946-1
-
SUSE-SU-2024:0006-1
-
SUSE-SU-2024:0035-1
-
SUSE-SU-2024:0140-1
-
SUSE-SU-2024:0210-1
-
SUSE-SU-2024:0224-1
-
SUSE-SU-2024:0327-1
-
SUSE-SU-2024:0430-1
-
SUSE-SU-2024:0460-1
-
SUSE-SU-2024:0525-1
-
SUSE-SU-2024:0539-1
-
SUSE-SU-2024:0543-1
-
SUSE-SU-2024:0558-1
-
SUSE-SU-2024:0972-1
-
SUSE-SU-2024:0974-1
-
USN-6560-1
-
USN-6560-2
-
USN-6561-1
-
USN-6585-1
-
USN-6589-1
-
USN-6598-1
-
USN-6738-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Security Advisory |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |