CVE-2022-27191
Summary
| CVE | CVE-2022-27191 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-18 07:15:00 UTC |
| Updated | 2023-11-07 03:45:00 UTC |
| Description | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fedoraproject | Extra Packages For Enterprise Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Golang | Go | All | All | All | All |
| Application | Golang | Go | All | All | All | All |
| Application | Golang | Ssh | All | All | All | All |
| Application | Redhat | Advanced Cluster Management For Kubernetes | 2.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 34 Update: golang-github-containerd-stargz-snapshotter-0.7.0-4.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 36 Update: golang-github-chromedp-0.8.1-2.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| An update of golang.org/x/crypto/ssh might be necessary | CONFIRM | groups.google.com | |
| [SECURITY] Fedora 35 Update: podman-3.4.7-1.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 36 Update: aquatone-1.7.0-7.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 35 Update: podman-3.4.7-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: golang-github-chromedp-0.8.1-2.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 36 Update: aquatone-1.7.0-7.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: golang-github-theupdateframework-notary-0.7.0-4.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 35 Update: golang-github-theupdateframework-notary-0.7.0-4.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: golang-x-crypto-0-0.43.20220412git7b82a4e.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: golang-github-containerd-stargz-snapshotter-0.7.0-4.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 36 Update: shellz-1.5.0-6.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| golang-announce - Google Groups | MISC | groups.google.com | |
| CVE-2022-27191 Golang Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 36 Update: shellz-1.5.0-6.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160213 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2022-7469)
- 160233 Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2022-7457)
- 160285 Oracle Enterprise Linux Security Update for buildah (ELSA-2022-8008)
- 160293 Oracle Enterprise Linux Security Update for podman (ELSA-2022-7954)
- 182130 Debian Security Update for golang-go.crypto (CVE-2022-27191)
- 240607 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2022:5068)
- 240829 Red Hat Update for container-tools:rhel8 security (RHSA-2022:7457)
- 240847 Red Hat Update for container-tools:4.0 (RHSA-2022:7469)
- 240876 Red Hat Update for podman (RHSA-2022:7954)
- 240894 Red Hat Update for buildah (RHSA-2022:8008)
- 241623 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3366)
- 282613 Fedora Security Update for golang (FEDORA-2022-d37fb34309)
- 282614 Fedora Security Update for golang (FEDORA-2022-a4c9009f3e)
- 282625 Fedora Security Update for bettercap (FEDORA-2022-3a63897745)
- 282627 Fedora Security Update for bettercap (FEDORA-2022-5cbd6de569)
- 282631 Fedora Security Update for podman (FEDORA-2022-c87047f163)
- 282683 Fedora Security Update for podman (FEDORA-2022-5e637f6cc6)
- 282893 Fedora Security Update for 3mux (FEDORA-2022-fae3ecee19)
- 282931 Fedora Security Update for apptainer (FEDORA-2022-ba365d3703)
- 283049 Fedora Security Update for fzf (FEDORA-2022-30c5ed5625)
- 284299 Fedora Security Update for etcd (FEDORA-2022-28d38313c8)
- 354064 Amazon Linux Security Advisory for golist : ALAS2-2022-1847
- 354067 Amazon Linux Security Advisory for golang : ALAS2-2022-1846
- 354069 Amazon Linux Security Advisory for golang : ALAS-2022-1635
- 354083 Amazon Linux Security Advisory for runc : ALAS2DOCKER-2022-020
- 354088 Amazon Linux Security Advisory for golang-github-syndtr-gocapability : ALAS2-2022-1865
- 354089 Amazon Linux Security Advisory for golang-googlecode-sqlite : ALAS2-2022-1862
- 354090 Amazon Linux Security Advisory for golang-github-kr-pty : ALAS2-2022-1864
- 354091 Amazon Linux Security Advisory for go-rpm-macros : ALAS2-2022-1863
- 354092 Amazon Linux Security Advisory for golang-googlecode-net : ALAS2-2022-1861
- 354093 Amazon Linux Security Advisory for golang-github-gorilla-mux : ALAS2-2022-1860
- 354094 Amazon Linux Security Advisory for golang-github-gorilla-context : ALAS2-2022-1859
- 354096 Amazon Linux Security Advisory for golang-github-godbus-dbus : ALAS2-2022-1858
- 354370 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2022-2022-140
- 354493 Amazon Linux Security Advisory for golist : ALAS2022-2022-133
- 354504 Amazon Linux Security Advisory for golist : ALAS2022-2022-192
- 354527 Amazon Linux Security Advisory for golang : ALAS2022-2022-193
- 354566 Amazon Linux Security Advisory for golang : ALAS-2022-193
- 355111 Amazon Linux Security Advisory for golist : ALAS2023-2023-046
- 355186 Amazon Linux Security Advisory for golang-github-cpuguy83-md2man : ALAS2023-2023-047
- 355212 Amazon Linux Security Advisory for golang : ALAS2023-2023-048
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 379641 Alibaba Cloud Linux Security Update for container-tools:rhel8 (ALINUX3-SA-2024:0050)
- 501856 Alpine Linux Security Update for go
- 502156 Alpine Linux Security Update for podman
- 502261 Alpine Linux Security Update for coredns
- 502289 Alpine Linux Security Update for git-lfs
- 504649 Alpine Linux Security Update for coredns
- 752133 SUSE Enterprise Linux Security Update for containerd, docker (SUSE-SU-2022:1689-1)
- 752988 SUSE Enterprise Linux Security Update for containerd (SUSE-SU-2022:4409-1)
- 752994 SUSE Enterprise Linux Security Update for containerd (SUSE-SU-2022:4463-1)
- 753361 SUSE Enterprise Linux Security Update for podman (SUSE-SU-2022:2834-1)
- 753444 SUSE Enterprise Linux Security Update for podman (SUSE-SU-2022:2839-1)
- 753592 SUSE Enterprise Linux Security Update for podman (SUSE-SU-2023:0187-1)
- 753659 SUSE Enterprise Linux Security Update for podman (SUSE-SU-2023:0326-1)
- 753994 SUSE Enterprise Linux Security Update for Prometheus Golang clients (SUSE-SU-2023:2187-1)
- 753995 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2023:2183-1)
- 770161 Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:5068)
- 770189 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3366)
- 900768 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (9089)
- 940774 AlmaLinux Security Update for container-tools:4.0 (ALSA-2022:7469)
- 940827 AlmaLinux Security Update for buildah (ALSA-2022:8008)
- 940834 AlmaLinux Security Update for podman (ALSA-2022:7954)
- 960172 Rocky Linux Security Update for container-tools:rhel8 (RLSA-2022:7457)
- 960188 Rocky Linux Security Update for container-tools:4.0 (RLSA-2022:7469)