Zurück zur CVE-Übersicht
CVE-2026-39835
MEDIUM(5.3)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Risk Signal Score13/100 — NIEDRIG
- CVSS 5.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
5.3
Technische Schwere
Beschreibung
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.
GitHub Advisories
GHSA-78mq-xcr3-xm33MEDIUM
golang.org/x/crypto is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
go/golang.org/x/crypto→ 0.52.0
GitHub AdvisoryReferenzen
- https://go.dev/cl/781660
- https://go.dev/issue/79563
- https://groups.google.com/g/golang-announce/c/a082jnz-LvI
- https://pkg.go.dev/vuln/GO-2026-5015
- https://access.redhat.com/errata/RHSA-2026:26546
- https://access.redhat.com/errata/RHSA-2026:26547
- https://access.redhat.com/errata/RHSA-2026:36199
- https://access.redhat.com/errata/RHSA-2026:36207
- https://access.redhat.com/errata/RHSA-2026:36319
- https://access.redhat.com/errata/RHSA-2026:36625