What is CVE-2021-43565?

CVE-2021-43565 is a vulnerability in the x/crypto/ssh package of golang.org/x/crypto that allows an unauthenticated attacker to panic an SSH server.

What is the severity of CVE-2021-43565?

The severity of CVE-2021-43565 is high with a score of 7.5.

How does CVE-2021-43565 affect golang.org/x/crypto?

CVE-2021-43565 affects golang.org/x/crypto by allowing an unauthenticated attacker to panic an SSH server.

How do I fix CVE-2021-43565?

To fix CVE-2021-43565, update to version 0.0.0-20211202192323-5770296d904e or later of the x/crypto/ssh package from golang.org/x/crypto.

Are there any references for CVE-2021-43565?

Yes, you can find more information about CVE-2021-43565 at the following references: [CVE-2021-43565](https://www.cve.org/CVERecord?id=CVE-2021-43565), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-43565), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2030787), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2022:1276).

Vulnerability/
CVE-2021-43565

high

7.5

CWE

2/12/2021

6/9/2022

7/9/2022

4/8/2024

CVE-2021-43565: Input Validation

First published: Thu Dec 02 2021(Updated: )

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kiali	<0:v1.24.7.redhat1-1.el8	0:v1.24.7.redhat1-1.el8
redhat/cri-o	<0:1.24.1-11.rhaos4.11.gitb0d2ef3.el8	0:1.24.1-11.rhaos4.11.gitb0d2ef3.el8
redhat/openshift	<0:4.11.0-202207082037.p0.g9546431.assembly.stream.el8	0:4.11.0-202207082037.p0.g9546431.assembly.stream.el8
redhat/podman	<2:4.0.2-6.rhaos4.11.el8	2:4.0.2-6.rhaos4.11.el8
redhat/mcg	<0:5.10.0-72.el8	0:5.10.0-72.el8
Golang Ssh	<0.0.0-20211202192323-5770296d904e
go/golang.org/x/crypto	<0.0.0-20211202192323-5770296d904e	0.0.0-20211202192323-5770296d904e

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-43565?
CVE-2021-43565 is a vulnerability in the x/crypto/ssh package of golang.org/x/crypto that allows an unauthenticated attacker to panic an SSH server.
What is the severity of CVE-2021-43565?
The severity of CVE-2021-43565 is high with a score of 7.5.
How does CVE-2021-43565 affect golang.org/x/crypto?
CVE-2021-43565 affects golang.org/x/crypto by allowing an unauthenticated attacker to panic an SSH server.
How do I fix CVE-2021-43565?
To fix CVE-2021-43565, update to version 0.0.0-20211202192323-5770296d904e or later of the x/crypto/ssh package from golang.org/x/crypto.
Are there any references for CVE-2021-43565?
Yes, you can find more information about CVE-2021-43565 at the following references: [CVE-2021-43565](https://www.cve.org/CVERecord?id=CVE-2021-43565), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-43565), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2030787), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2022:1276).

collector/github-advisory
alias/GHSA-gwc9-m7rh-j2ww
alias/CVE-2021-43565
collector/github-advisory-latest
collector/redhat-cve
collector/nvd-index
collector/nvd-cve
agent/type
agent/author
agent/first-publish-date
agent/softwarecombine
agent/description
agent/weakness
agent/severity
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/go
package-manager/redhat
vendor/golang
canonical/golang ssh