CVE Vulnerabilities

CVE-2020-29652

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference

Affected Software List

NameVendorVersion
Red Hat Enterprise Linux 8RedHatcontainer-tools:rhel8-8040020210407081426.59631bd5
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-aws-ebs-csi-driver-rhel8:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-azure-machine-controllers:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-baremetal-installer-rhel8:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-cluster-autoscaler:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-cluster-bootstrap:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-cluster-network-operator:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-csi-driver-nfs-rhel8:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-hyperkube:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-installer:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-installer-artifacts:v4.7.0-202102130115.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-tests:v4.7.0-202102181036.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-metering-helm-container-rhel8:v4.7.0-202102110027.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-node-feature-discovery:v4.7.0-202102110027.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-sriov-dp-admission-controller:v4.7.0-202102110027.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-vertical-pod-autoscaler-rhel8:v4.7.0-202102110027.p0
Red Hat OpenShift Container Platform 4.7RedHatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.7.0-202102110027.p0
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/cluster-network-addons-operator:v2.6.0-17
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/hyperconverged-cluster-operator:v2.6.0-77
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/kubernetes-nmstate-handler-rhel8:v2.6.0-23
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/virt-api:v2.6.0-115
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/virt-controller:v2.6.0-115
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/virt-handler:v2.6.0-115
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/virt-launcher:v2.6.0-115
RHEL-8-CNV-2.6RedHatcontainer-native-virtualization/virt-operator:v2.6.0-115
RHEL-8-CNV-4.8RedHatcontainer-native-virtualization/virt-api:v4.8.0-67

Ubuntu

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

Affected Software List

NameVendorVersion
Golang-go.cryptoUbuntu/groovyreached end-of-life
Golang-go.cryptoUbuntu/hirsute1:0.0~git20201221.eec23a3-1
Golang-go.cryptoUbuntu/devel1:0.0~git20201221.eec23a3-1
Golang-go.cryptoUbuntu/focal
Golang-go.cryptoUbuntu/upstream1:0.0~git20201221.eec23a3-1
KubernetesUbuntu/upstreamTBD
KubernetesUbuntu/develTBD
KubernetesUbuntu/focalTBD
KubernetesUbuntu/groovyreached end-of-life
KubernetesUbuntu/hirsuteTBD
LxdUbuntu/upstreamTBD
SnapdUbuntu/upstreamTBD
SnapdUbuntu/trustyout of standard support