GHSA-q4h4-gmj2-qvw2HighCVSS 7.5
golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
🔗 CVE IDs covered (1)
📋 Description
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
🎯 Affected products1
- go/golang.org/x/crypto/ssh:< 0.52.0