vulnerability

Oracle Linux: CVE-2020-29652: ELSA-2021-1796: container-tools:ol8 security, bug fix, and enhancement update (MODERATE)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Dec 16, 2020
Added
Jul 22, 2024
Modified
Dec 3, 2025

Description

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Solutions

oracle-linux-upgrade-buildahoracle-linux-upgrade-buildah-testsoracle-linux-upgrade-cockpit-podmanoracle-linux-upgrade-conmonoracle-linux-upgrade-containernetworking-pluginsoracle-linux-upgrade-containers-commonoracle-linux-upgrade-container-selinuxoracle-linux-upgrade-critoracle-linux-upgrade-criuoracle-linux-upgrade-crunoracle-linux-upgrade-fuse-overlayfsoracle-linux-upgrade-libslirporacle-linux-upgrade-libslirp-develoracle-linux-upgrade-oci-seccomp-bpf-hookoracle-linux-upgrade-podmanoracle-linux-upgrade-podman-catatonitoracle-linux-upgrade-podman-dockeroracle-linux-upgrade-podman-pluginsoracle-linux-upgrade-podman-remoteoracle-linux-upgrade-podman-testsoracle-linux-upgrade-python3-criuoracle-linux-upgrade-runcoracle-linux-upgrade-skopeooracle-linux-upgrade-skopeo-testsoracle-linux-upgrade-slirp4netnsoracle-linux-upgrade-udica

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today