Bug 1804533 (CVE-2020-9283) - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
Summary: CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public k...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-9283
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1806489 1806494 1808163 1808164 1808165 1808166 1808167 1808168 1808169 1808170 1808171 1808172 1808173 1808174 1808175 1808176 1808177 1808178 1808179 1808180 1808181 1808182 1808199 1808200 1808201 1808202 1808204 1808205 1808206 1808207 1808208 1808209 1808210 1808211 1808212 1808213 1808214 1808215 1808216 1808217 1808218 1808219 1808220 1808221 1808222 1808223 1808224 1808225 1808226 1808227 1808228 1808229 1808230 1808231 1808232 1808233 1808234 1808243 1808244 1808246 1808247 1808248 1808251 1808252 1821598 1821623 1837979 1837987 1843575 1854385 1857071 1857612 1857613 1857614 1857615 1857616 1857617 1857618 1857619 1857620 1857621 1857622 1857623 1857624 1857625 1857626 1857628 1857629 1857630 1857631 1857632 1857633 1857634 1857635 1857636 1857637 1857638 1857639 1857640 1857641 1857642 1857643 1857644 1857645 1857646 1857647 1857648
Blocks: 1804534
TreeView+ depends on / blocked
 
Reported: 2020-02-19 04:20 UTC by Sam Fowler
Modified: 2021-04-07 10:31 UTC (History)
55 users (show)

Fixed In Version: golang.org/x/crypto 0.0.0-20200220183623-bac4c82f6975
Doc Type: If docs needed, set a value
Doc Text:
A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.
Clone Of:
Environment:
Last Closed: 2020-07-07 01:27:37 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2412 0 None None None 2020-07-13 17:23:12 UTC
Red Hat Product Errata RHSA-2020:2789 0 None None None 2020-07-06 20:30:32 UTC
Red Hat Product Errata RHSA-2020:2790 0 None None None 2020-07-06 20:12:57 UTC
Red Hat Product Errata RHSA-2020:2793 0 None None None 2020-07-06 20:14:21 UTC
Red Hat Product Errata RHSA-2020:2878 0 None None None 2020-07-14 01:20:57 UTC
Red Hat Product Errata RHSA-2020:3078 0 None None None 2020-07-28 12:49:15 UTC
Red Hat Product Errata RHSA-2020:3369 0 None None None 2020-08-06 20:17:49 UTC
Red Hat Product Errata RHSA-2020:3370 0 None None None 2020-08-06 20:16:23 UTC
Red Hat Product Errata RHSA-2020:3372 0 None None None 2020-08-06 20:21:51 UTC
Red Hat Product Errata RHSA-2020:3414 0 None None None 2020-08-12 04:49:00 UTC
Red Hat Product Errata RHSA-2020:3809 0 None None None 2020-09-23 14:15:05 UTC
Red Hat Product Errata RHSA-2020:4264 0 None None None 2020-10-20 21:56:12 UTC
Red Hat Product Errata RHSA-2020:4298 0 None None None 2020-10-27 16:23:54 UTC
Red Hat Product Errata RHSA-2021:0799 0 None None None 2021-03-10 11:15:25 UTC

Description Sam Fowler 2020-02-19 04:20:25 UTC
An attacker can craft an ssh-ed25519 or sk-ssh-ed25519 public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.


Reference:

https://groups.google.com/forum/#!topic/kubernetes-security-discuss/s15RxeNdBLc

Comment 1 Sam Fowler 2020-02-24 00:13:49 UTC
External Reference:

https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY

Comment 11 Sam Fowler 2020-02-28 01:08:41 UTC
Statement:

OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.

Comment 24 errata-xmlrpc 2020-07-06 20:12:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:2790 https://access.redhat.com/errata/RHSA-2020:2790

Comment 25 errata-xmlrpc 2020-07-06 20:14:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:2793 https://access.redhat.com/errata/RHSA-2020:2793

Comment 26 errata-xmlrpc 2020-07-06 20:30:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:2789 https://access.redhat.com/errata/RHSA-2020:2789

Comment 27 Product Security DevOps Team 2020-07-07 01:27:37 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-9283

Comment 28 errata-xmlrpc 2020-07-13 17:23:09 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.5

Via RHSA-2020:2412 https://access.redhat.com/errata/RHSA-2020:2412

Comment 32 errata-xmlrpc 2020-07-14 01:20:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:2878 https://access.redhat.com/errata/RHSA-2020:2878

Comment 38 errata-xmlrpc 2020-07-28 12:49:11 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2020:3078 https://access.redhat.com/errata/RHSA-2020:3078

Comment 39 errata-xmlrpc 2020-08-06 20:16:21 UTC
This issue has been addressed in the following products:

  Jaeger-1.17

Via RHSA-2020:3370 https://access.redhat.com/errata/RHSA-2020:3370

Comment 40 errata-xmlrpc 2020-08-06 20:17:46 UTC
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.1
  Openshift Service Mesh 1.1

Via RHSA-2020:3369 https://access.redhat.com/errata/RHSA-2020:3369

Comment 41 errata-xmlrpc 2020-08-06 20:21:48 UTC
This issue has been addressed in the following products:

  OpenShift Service Mesh 1.0

Via RHSA-2020:3372 https://access.redhat.com/errata/RHSA-2020:3372

Comment 42 errata-xmlrpc 2020-08-12 04:48:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.5

Via RHSA-2020:3414 https://access.redhat.com/errata/RHSA-2020:3414

Comment 43 errata-xmlrpc 2020-09-23 14:15:06 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.3

Via RHSA-2020:3809 https://access.redhat.com/errata/RHSA-2020:3809

Comment 44 errata-xmlrpc 2020-10-20 21:56:10 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.3

Via RHSA-2020:4264 https://access.redhat.com/errata/RHSA-2020:4264

Comment 45 errata-xmlrpc 2020-10-27 16:23:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298

Comment 46 errata-xmlrpc 2021-03-10 11:15:18 UTC
This issue has been addressed in the following products:

  RHEL-8-CNV-2.6

Via RHSA-2021:0799 https://access.redhat.com/errata/RHSA-2021:0799

Comment 49 errata-xmlrpc 2021-04-07 10:31:22 UTC
This issue has been addressed in the following products:

  3scale API Management

Via RHSA-2021:1129 https://access.redhat.com/errata/RHSA-2021:1129


Note You need to log in before you can comment on or make changes to this bug.