CVE-2022-27191 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b allows attackers to crash servers with AddHostKey.

This issue arises due to a race condition in the AddHostKey function. A remote attacker can leverage this issue to crash a server. The AddHostKey function calls the AcceptEnv function, which calls the AcceptEnv function, which calls the AcceptEnv function, which invokes the Init function. This process may lead to a situation where the AcceptEnv function is invoked during AddHostKey, and the AcceptEnv function then invokes the Init function. This can lead to a situation where the AcceptEnv function returns an error, which then crashes the server. This issue does not affect Go users who do not have write access to the remote SSH configuration. It is recommended that Go servers be configured in such a way that only the root user has write access to the remote SSH configuration. If a server is configured in a way that allows other users to modify the SSH configuration, it is possible that those users may run AddHostKey at a time when it is invoked during AcceptEnv. This can lead to a situation where AddHostKey invokes AcceptEnv during AcceptEnv, and this can lead to a situation where an error is returned during AcceptEnv, which then invokes Init, which then invokes the AcceptEnv function, which then invokes the Init function. This can result in a situation where the Init function returns an error, which then crashes the server.

This issue was reported to golang.org/ on 2019-02-

CVE-2023-27192

This issue arises due to a race condition in the AcceptEnv function. A remote attacker can leverage this issue to crash a server. The AcceptEnv function calls the Asn1DecodeLen function, which calls the Asn1DecodeLen function, which calls the Asn1DecodeLen function, which invokes the NewSessionKeyX509Certificate function. This process may lead to a situation where the AcceptEnv function is invoked during Asn1DecodeLen, and the AcceptEnv function then invokes the NewSessionKeyX509Certificate function. This can lead to a situation where the AcceptEnv function returns an error, which then crashes the server.
This issue does not affect Go users who do not have write access to remote SSH configuration. It is recommended that Go servers be configured in such a way that only root has write access to remote SSH configuration. If a server is configured in a way that allows other users to modify remote SSH configuration, it is possible that those users may run AddHostKey at a time when it is invoked during AcceptEnv. This can result in a situation where AddHostKey invokes AcceptEnv during AcceptEnv, and this can lead to a situation where an error is returned during AcceptEnv, which then invokes NewSessionKeyX509Certificate, which then invokes Init, which then invokes the PresentCRL function. This can result in a situation where PresentCRL

CVE-2022-27192

This issue arises due to a race condition in the AddHostKey function. A remote attacker can leverage this issue to crash a server. The AddHostKey function calls the AcceptEnv function, which calls the AcceptEnv function, which calls the AcceptEnv function, which invokes the Init function. This process may lead to a situation where the AcceptEnv function is invoked during AddHostKey, and the AcceptEnv function then invokes the Init function. This can lead to a situation where the AcceptEnv function returns an error, which then crashes the server.
This issue does not affect Go users who do not have write access to the remote SSH configuration. It is recommended that Go servers be configured in such a way that only root has write access to the remote SSH configuration. If a server is configured in a way that allows other users to modify the SSH configuration, it is possible that those users may run AddHostKey at a time when it is invoked during AcceptEnv. This can lead to a situation where AddHostKey invokes AcceptEnv during AcceptEnv, and this can lead to a situation where an error is returned during AcceptEnv, which then invokes Init, which then invokes the AcceptEnv function, which then invokes the Init function. This can result in a situation where Init returns an error, which then crashes the server.

Timeline

Published on: 03/18/2022 07:15:00 UTC
Last modified on: 08/17/2022 04:15:00 UTC

References