GSA_kwCzR0hTQS04d3h4LTM1cWMtdnA2cs4AA9f9

Critical EPSS: 0.00124% (0.3251 Percentile) EPSS:

Permalink JSON

Missing key verification in gost

Affected Packages	Affected Versions	Fixed Versions
go:github.com/ginuerzh/gost	<= 2.11.5	No known fixed version
10 Dependent packages 6 Dependent repositories Affected Version Ranges All affected versions 2.6.1

An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-39223
https://github.com/ginuerzh/gost/issues/1034
https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229
https://github.com/advisories/GHSA-8wxx-35qc-vp6r

Identifiers

GHSA-8wxx-35qc-vp6r

CVE-2024-39223

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00124

EPSS Percentile: 0.3251

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ginuerzh/gost

Date and time

Published

about 1 year ago

Updated

19 minutes ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories