GO-2023-2402

See a problem?

Source

https://pkg.go.dev/vuln/GO-2023-2402

Import Source

https://vuln.go.dev/ID/GO-2023-2402.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2023-2402

Aliases

Published

2023-12-18T21:18:26Z

Modified

2024-09-11T06:13:37.624814Z

Summary

Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

Details

A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware.

The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2MSGEXT_INFO message, disabling a handful of newer security features.

This protocol weakness was also fixed in OpenSSH 9.6.

References

Credits

- Fabian Bäumer (Ruhr University Bochum)
- Marcus Brinkmann (Ruhr University Bochum)
- Jörg Schwenk (Ruhr University Bochum)

Affected packages

Go / golang.org/x/crypto

Package

Name: golang.org/x/crypto; View open source insights on deps.dev
Purl: pkg:golang/golang.org/x/crypto

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.0

Ecosystem specific

{
    "imports": [
        {
            "path": "golang.org/x/crypto/ssh",
            "symbols": [
                "Client.Dial",
                "Client.DialContext",
                "Client.DialTCP",
                "Client.Listen",
                "Client.ListenTCP",
                "Client.ListenUnix",
                "Client.NewSession",
                "Dial",
                "DiscardRequests",
                "NewClient",
                "NewClientConn",
                "NewServerConn",
                "Request.Reply",
                "Session.Close",
                "Session.CombinedOutput",
                "Session.Output",
                "Session.RequestPty",
                "Session.RequestSubsystem",
                "Session.Run",
                "Session.SendRequest",
                "Session.Setenv",
                "Session.Shell",
                "Session.Signal",
                "Session.Start",
                "Session.WindowChange",
                "channel.Accept",
                "channel.Close",
                "channel.CloseWrite",
                "channel.Read",
                "channel.ReadExtended",
                "channel.Reject",
                "channel.SendRequest",
                "channel.Write",
                "channel.WriteExtended",
                "connectionState.readPacket",
                "connectionState.writePacket",
                "curve25519sha256.Client",
                "curve25519sha256.Server",
                "dhGEXSHA.Client",
                "dhGEXSHA.Server",
                "dhGroup.Client",
                "dhGroup.Server",
                "ecdh.Client",
                "ecdh.Server",
                "extChannel.Read",
                "extChannel.Write",
                "handshakeTransport.enterKeyExchange",
                "handshakeTransport.readLoop",
                "handshakeTransport.sendKexInit",
                "mux.OpenChannel",
                "mux.SendRequest",
                "sessionStdin.Close",
                "sshClientKeyboardInteractive.Challenge",
                "tcpListener.Accept",
                "tcpListener.Close",
                "transport.readPacket",
                "transport.writePacket",
                "unixListener.Accept",
                "unixListener.Close"
            ]
        }
    ]
}