VIR Vulnerability Intelligence Relay

Package impact

golang Go / golang.org/x/crypto

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-3204 high 8.1 8.1 9y ago The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … debiangolang
CVE-2025-47913 high 8.0 5mo ago Important: buildah security update rockylinuxredhatdebiansuse+1
CVE-2025-22869 high 8.0 1y ago Important: gvisor-tap-vsock security update redhatrockylinuxdebiansuse+1
CVE-2026-46597 high 7.5 7.5 6d ago An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. debiansusegolang
CVE-2026-39829 high 7.5 7.5 6d ago The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio… debiansusegolang