Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: empty plaintext packet causes panic #49932

Closed
rolandshoemaker opened this issue Dec 2, 2021 · 2 comments
Closed

x/crypto/ssh: empty plaintext packet causes panic #49932

rolandshoemaker opened this issue Dec 2, 2021 · 2 comments
Labels
FrozenDueToAge Security
Milestone
Unreleased

Comments

@rolandshoemaker
Copy link
Member

When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains empty plaintext causes a panic, due to the assumption that there will always be at least one byte, containing the number of padding bytes.
@gopherbot gopherbot added this to the Unreleased milestone Dec 2, 2021
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/368814 mentions this issue: ssh: don't assume packet plaintext size

@dhcgn
Copy link

dhcgn commented Dec 3, 2021

This CVE 2021-43565 has a status of RESERVED by CVE, but should be public soon: https://nvd.nist.gov/vuln/detail/CVE-2021-43565

thaJeztah added a commit to thaJeztah/buildkit that referenced this issue Dec 3, 2021
@thaJeztah
go.mod: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e

Verified

This commit was signed with the committer’s verified signature.
sxzz Kevin Deng 三咲智子
GPG key ID: 69992F2250DFD93E
Verified
Learn about vigilant mode
367ae02 
full diff: golang/crypto@0c34fe9...5770296

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- golang/crypto@5770296

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah mentioned this issue Dec 3, 2021
Merged
thaJeztah added a commit to thaJeztah/docker that referenced this issue Dec 3, 2021
@thaJeztah
go.mod: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e

Verified

This commit was signed with the committer’s verified signature.
sxzz Kevin Deng 三咲智子
GPG key ID: 69992F2250DFD93E
Verified
Learn about vigilant mode
4008b58 
full diff: golang/crypto@0c34fe9...5770296

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- golang/crypto@5770296

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah added a commit to thaJeztah/docker that referenced this issue Dec 3, 2021
@thaJeztah
go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
dd9782f 
full diff: golang/crypto@0c34fe9...5770296

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- golang/crypto@5770296

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah mentioned this issue Dec 3, 2021
Merged
wadey added a commit to slackhq/nebula that referenced this issue Dec 6, 2021
@wadey
update golang.org/x/crypto
3b233de 
> Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.
>
> This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue golang/go#49932.

    Updated  golang.org/x/crypto  golang/crypto@089bfa5...5770296
    Updated  golang.org/x/net     golang/net@4a448f8...69e39ba
@wadey wadey mentioned this issue Dec 6, 2021
Merged
wadey added a commit to slackhq/nebula that referenced this issue Dec 6, 2021
@wadey
update golang.org/x/crypto (#603)
127a116 
> Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers.
>
> This issue was discovered and reported by Rod Hynes, Psiphon Inc., and is tracked as CVE-2021-43565 and Issue golang/go#49932.

    Updated  golang.org/x/crypto  golang/crypto@089bfa5...5770296
    Updated  golang.org/x/net     golang/net@4a448f8...69e39ba
@bcmills bcmills mentioned this issue Dec 14, 2021
Closed
vasiliy-ul added a commit to vasiliy-ul/kubevirt that referenced this issue Dec 21, 2021
@vasiliy-ul
Update golang.org/x/crypto (CVE-2021-43565)
514effd 
Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes
a vulnerability in the golang.org/x/crypto/ssh package which allowed
unauthenticated clients to cause a panic in SSH servers.

Reference:
golang/go#49932
golang/crypto@5770296
https://bugzilla.redhat.com/show_bug.cgi?id=2030787
https://bugzilla.suse.com/show_bug.cgi?id=1193930
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43565

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
@vasiliy-ul vasiliy-ul mentioned this issue Dec 21, 2021
Merged
kubevirt-bot pushed a commit to kubevirt-bot/kubevirt that referenced this issue Dec 21, 2021
@vasiliy-ul
Update golang.org/x/crypto (CVE-2021-43565)
735cc85 
Version v0.0.0-20211202192323-5770296d904e of golang.org/x/crypto fixes
a vulnerability in the golang.org/x/crypto/ssh package which allowed
unauthenticated clients to cause a panic in SSH servers.

Reference:
golang/go#49932
golang/crypto@5770296
https://bugzilla.redhat.com/show_bug.cgi?id=2030787
https://bugzilla.suse.com/show_bug.cgi?id=1193930
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43565

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
evol262 pushed a commit to evol262/moby that referenced this issue Jan 12, 2022
@thaJeztah
go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083
7ca1c63 
full diff: golang/crypto@0c34fe9...5770296

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- golang/crypto@5770296

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@petrovicboban petrovicboban mentioned this issue Feb 14, 2022
Closed
@RSAlderman RSAlderman mentioned this issue Mar 18, 2022
Closed
@blankdots blankdots mentioned this issue Mar 23, 2022
Merged
iamacarpet pushed a commit to affordablemobiles/xcrypto that referenced this issue Aug 2, 2022
@rolandshoemaker @iamacarpet
ssh: don't assume packet plaintext size
08aac5d 
When reading GCM and ChaChaPoly1305 packets, don't make assumptions
about the size of the enciphered plaintext. This fixes two panics
caused by standards non-compliant malformed packets.

Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.

Fixes golang/go#49932
Fixes CVE-2021-43565

Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
@golang golang locked and limited conversation to collaborators Dec 3, 2022
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
@rolandshoemaker
ssh: don't assume packet plaintext size
6862871 
When reading GCM and ChaChaPoly1305 packets, don't make assumptions
about the size of the enciphered plaintext. This fixes two panics
caused by standards non-compliant malformed packets.

Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.

Fixes golang/go#49932
Fixes CVE-2021-43565

Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@rolandshoemaker
ssh: don't assume packet plaintext size
4e0220a 
When reading GCM and ChaChaPoly1305 packets, don't make assumptions
about the size of the enciphered plaintext. This fixes two panics
caused by standards non-compliant malformed packets.

Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.

Fixes golang/go#49932
Fixes CVE-2021-43565

Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Security
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@rolandshoemaker @dhcgn @gopherbot