Skip to main content

Use of a Broken or Risky Cryptographic Algorithm

CVE-2022-27191

Severity High
Score 7.5/10

Summary

"golang.org/x/crypto/ssh" before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving "AddHostKey".

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

Advisory Timeline

  • Published