Miggo Logo
Miggo Vulnerability Database
CVE-2020-29652

CVE-2020-29652: golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-29652
GHSA ID
GHSA-3vm4-22fp-5rfm
EPSS Score
0.0459%
CWE
CWE-476
Published
5/24/2022
Updated
10/2/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
golang.org/x/cryptogo< 0.0.0-20201216223049-8b5274cf687f0.0.0-20201216223049-8b5274cf687f

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability occurs in the authentication handling path where the server processes 'gssapi-with-mic' requests. The patch adds a guard condition in the server authentication flow to exclude this method when GSSAPIWithMICConfig is nil. The function responsible for authentication (serverAuthenticate() method of serverConn) would panic when processing this method without the nil check, as it would attempt to dereference the nil config.php. The function name is derived from the SSH package structure and the location of the security check addition in the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* nil point*r **r***r*n** in t** *ol*n*.or*/x/*rypto/ss* *ompon*nt t*rou** v*.*.*-**************-************ *or *o *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** ***inst SS* s*rv*rs. *n *tt**k*r **n *r**t *n *ut**nti**tion r*qu*st m*ss*** *or

Reasoning

T** vuln*r**ility o**urs in t** *ut**nti**tion **n*lin* p*t* w**r* t** s*rv*r pro**ss*s '*ss*pi-wit*-mi*' r*qu*sts. T** p*t** ***s * *u*r* *on*ition in t** s*rv*r *ut**nti**tion *low to *x*lu** t*is m*t*o* w**n `*SS*PIWit*MI**on*i*` is nil. T** `*un*