
CVE-2017-3204

Published: Apr 04, 2017 | Modified: Nov 21, 2024
CVSS 3.x: 8.1 HIGH (Source: NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3: 4.8 MODERATE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu: LOW

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

Affected Software

Name Vendor Start Version End Version
Crypto Golang * 2017-03-17 (including)
Golang-go.crypto Ubuntu artful *
Golang-go.crypto Ubuntu esm-infra/xenial *
Golang-go.crypto Ubuntu upstream *
Golang-go.crypto Ubuntu xenial *
Golang-go.crypto Ubuntu yakkety *
Golang-go.crypto Ubuntu zesty *
Snapd Ubuntu artful *
Snapd Ubuntu bionic *
Snapd Ubuntu cosmic *
Snapd Ubuntu devel *
Snapd Ubuntu disco *
Snapd Ubuntu eoan *
Snapd Ubuntu esm-infra/bionic *
Snapd Ubuntu esm-infra/xenial *
Snapd Ubuntu focal *
Snapd Ubuntu groovy *
Snapd Ubuntu hirsute *
Snapd Ubuntu impish *
Snapd Ubuntu jammy *
Snapd Ubuntu kinetic *
Snapd Ubuntu lunar *
Snapd Ubuntu mantic *
Snapd Ubuntu noble *
Snapd Ubuntu oracular *
Snapd Ubuntu trusty *
Snapd Ubuntu xenial *
Snapd Ubuntu yakkety *
Snapd Ubuntu zesty *
Ubuntu-snappy Ubuntu vivid/ubuntu-core *
