{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-18T05:06:13.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"}, {"tags": ["x_refsource_MISC"], "url": "https://go-review.googlesource.com/c/crypto/+/278852"}, {"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"}, {"name": "https://go-review.googlesource.com/c/crypto/+/278852", "refsource": "MISC", "url": "https://go-review.googlesource.com/c/crypto/+/278852"}, {"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:10.695Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://go-review.googlesource.com/c/crypto/+/278852"}, {"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29652", "datePublished": "2020-12-17T04:12:17.000Z", "dateReserved": "2020-12-09T00:00:00.000Z", "dateUpdated": "2024-08-04T16:55:10.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "997992AC-BE5D-4E27-8042-B64AA2B2AA81", "versionEndIncluding": "0.0.0-20201203163018-be400aefbc4c", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers."}, {"lang": "es", "value": "Una desreferencia de puntero null en el componente golang.org/x/crypto/ssh versiones hasta v0.0.0-20201203163018-be400aefbc4c para Go, permite a atacantes remotos causar una denegaci\u00f3n de servicio contra servidores SSH"}], "id": "CVE-2020-29652", "lastModified": "2024-11-21T05:24:21.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-17T05:15:10.580", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://go-review.googlesource.com/c/crypto/+/278852"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://go-review.googlesource.com/c/crypto/+/278852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1796", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "low", "package": "container-tools:rhel8-8040020210407081426.59631bd5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-azure-machine-controllers:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-baremetal-installer-rhel8:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-installer:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-installer-artifacts:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-model-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-cpu-node-labeller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "kubevirt-kvm-info-nfd-plugin-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:0799", "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8", "package": "vm-import-controller-container", "product_name": "Red Hat OpenShift Virtualization 2", "release_date": "2021-03-10T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/kubernetes-nmstate-handler-rhel8:v4.8.0-21", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/kubevirt-v2v-conversion:v4.8.0-10", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/kubevirt-vmware:v4.8.0-11", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/node-maintenance-operator:v4.8.0-19", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/vm-import-controller:v4.8.0-18", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/vm-import-controller-rhel8:v4.8.0-18", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/vm-import-operator-rhel8:v4.8.0-18", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}, {"advisory": "RHSA-2021:2920", "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8", "package": "container-native-virtualization/vm-import-virtv2v-rhel8:v4.8.0-18", "product_name": "RHEL-8-CNV-4.8", "release_date": "2021-07-28T00:00:00Z"}], "bugzilla": {"description": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference", "id": "1908883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.", "A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-29652", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "3scale-istio-adapter-rhel8-container", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-cni", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "impact": "low", "package_name": "rhacm2/multicluster-operators-subscription-release-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "impact": "low", "package_name": "rhacm2/multicluster-operators-subscription-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "impact": "low", "package_name": "gomtree", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "impact": "low", "package_name": "crypto/ssh", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift-cluster-autoscaler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift-descheduler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift-dockerregistry", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift-service-idler", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "atomic-openshift-web-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "csi-attacher", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "csi-driver-registrar", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "csi-provisioner", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "impact": "low", "package_name": "golang-github-openshift-oauth-proxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-enterprise-cluster-capacity", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-enterprise-image-registry", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-eventrouter", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift-external-storage", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "openvswitch-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "csi-driver-manilla-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "csi-driver-nfs-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-autoscaler-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "impact": "low", "package_name": "openshift4/ose-cluster-bootstrap", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-cluster-logging-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-cluster-network-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-hyperkube-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-metering-helm-container-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-node-feature-discovery", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-sriov-dp-admission-controller", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "impact": "low", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Fix deferred", "impact": "low", "package_name": "cluster-network-addons-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "hyperconverged-cluster-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Fix deferred", "impact": "low", "package_name": "kubernetes-nmstate-handler-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-api-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-controller-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-handler-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-launcher-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "impact": "low", "package_name": "virt-operator-container", "product_name": "Red Hat OpenShift Virtualization 2"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "impact": "low", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-29652\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29652\nhttps://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"], "statement": "A large number of products include the affected package, but do not make use of the vulnerable SSH server code. Accordingly, the flaw itself is rated as \"Important\", but these products themselves all have a \"Low\" severity rating.\nAdditionally, a number of products include golang.org/x/crypto (or even golang.org/x/crypto/ssh/terminal) but not specifically golang.org/x/crypto/ssh/server.go in the final build. As this would result in a very large number of entries of not affected products, only products which include the ssh server code (golang.org/x/crypto/ssh/server.go) have been represented here. \nRed Hat Enterprise Linux 8 container-tools:rhel8/containernetworking-plugins is not affected because although it uses some functionality from golang.org/x/crypto, it does not use or import anything from golang.org/x/crypto/ssh/*.", "threat_severity": "Important"}

{}