Search CVE reports
11 – 12 of 12 results
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...
3 affected packages
golang-go.crypto, lxd, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable |
| lxd | — | — | Not affected | Not affected |
| snapd | Ignored | Ignored | Ignored | Ignored |
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
3 affected packages
golang-go.crypto, ubuntu-snappy, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Not affected | Not affected | Not affected | Not affected |
| ubuntu-snappy | Not in release | Not in release | Not in release | Not in release |
| snapd | Ignored | Ignored | Ignored | Ignored |