SecBoard
Zurück zur CVE-Übersicht

CVE-2026-39835

MEDIUM(5.3)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Risk Signal Score13/100 — NIEDRIG
  • CVSS 5.3 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.3

Technische Schwere

Beschreibung

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

GitHub Advisories

GHSA-78mq-xcr3-xm33MEDIUM

golang.org/x/crypto is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

go/golang.org/x/crypto0.52.0
GitHub Advisory

Referenzen