What is the severity of CVE-2020-9283?

CVE-2020-9283 is classified as a denial of service vulnerability.

How do I fix CVE-2020-9283?

To resolve CVE-2020-9283, upgrade to the fixed versions listed for affected packages, such as Kiali 0:v1.12.10.redhat2-1.el7 or similar remediation versions.

Which software is affected by CVE-2020-9283?

CVE-2020-9283 affects various packages including Kiali, IOR, and Servicemesh among others in Red Hat systems.

How can attackers exploit CVE-2020-9283?

Attackers can exploit CVE-2020-9283 by supplying specially crafted SSH ed25519 keys to crash applications using the affected SSH package.

What applications are vulnerable due to CVE-2020-9283?

Applications using the SSH components of the golang.org/x/crypto library are vulnerable due to CVE-2020-9283.

Vulnerability/
CVE-2020-9283

high

7.5

CWE

347 130

19/2/2020

20/2/2020

4/8/2024

CVE-2020-9283

First published: Wed Feb 19 2020(Updated: )

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kiali	<0:v1.12.10.redhat2-1.el7	0:v1.12.10.redhat2-1.el7
redhat/ior	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh-cni	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh-grafana	<0:6.4.3-13.el8	0:6.4.3-13.el8
redhat/servicemesh-operator	<0:1.1.6-2.el8	0:1.1.6-2.el8
redhat/servicemesh-prometheus	<0:2.14.0-14.el8	0:2.14.0-14.el8
redhat/jenkins-agent-maven	<35-rhel7	35-rhel7
redhat/openshift-clients	<0:4.3.31-202007250052.p0.git.3329.59998b9.el7	0:4.3.31-202007250052.p0.git.3329.59998b9.el7
redhat/openshift	<0:4.5.0-202007012112.p0.git.0.582d7fc.el8	0:4.5.0-202007012112.p0.git.0.582d7fc.el8
redhat/golang.org/x/crypto 0.0.0	<20200220183623	20200220183623
Go	=0.0.0-20200220183623-bac4c82f6975
Debian Linux	=9.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2020-9283?
CVE-2020-9283 is classified as a denial of service vulnerability.
How do I fix CVE-2020-9283?
To resolve CVE-2020-9283, upgrade to the fixed versions listed for affected packages, such as Kiali 0:v1.12.10.redhat2-1.el7 or similar remediation versions.
Which software is affected by CVE-2020-9283?
CVE-2020-9283 affects various packages including Kiali, IOR, and Servicemesh among others in Red Hat systems.
How can attackers exploit CVE-2020-9283?
Attackers can exploit CVE-2020-9283 by supplying specially crafted SSH ed25519 keys to crash applications using the affected SSH package.
What applications are vulnerable due to CVE-2020-9283?
Applications using the SSH components of the golang.org/x/crypto library are vulnerable due to CVE-2020-9283.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-9283
agent/software-canonical-lookup
agent/severity
agent/author
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/golang
canonical/go
version/go/0.0.0-20200220183623-bac4c82f6975
vendor/debian
canonical/debian linux
version/debian linux/9.0