Primary

Context

Golang Crypto/SSH Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Golang SSH package, specifically in versions prior to 0.35.0. This issue affects SSH servers that implement file transfer protocols. The vulnerability arises when clients complete the key exchange slowly or not at all, causing pending content to be read into memory but never transmitted. This can lead to excessive memory usage and potential service disruption.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, leading to increased memory usage and potential service disruption.

Remediation

NetApp products affected by this vulnerability should be updated to a version that includes the patched Golang Crypto/SSH package. Instructions for updating can be found in the NetApp advisory NTAP-20250411-0010.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Golang Crypto/SSH Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

golang.org/x/crypto/ssh

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating