CVE-2020-9283 in GoLang and Debian Products
Published on February 20, 2020
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Products Associated with CVE-2020-9283
stack.watch emails you whenever new vulnerabilities are published in GoLang Package Ssh or Debian Linux. Just hit a watch button to start following.
Exploit Probability
EPSS
18.68%
Percentile
95.15%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.