The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic.
Improper Input Validation
3.9
3.9
-
3.9
-
-
-
-
-
-
-
3.9
3.9
CVE-2021-43565
-
CVE-2021-43565
-