golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Improper Verification of Cryptographic Signature
Improper Verification of Cryptographic Signature
Improper Handling of Length Parameter Inconsistency
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in