Thatnealpatel

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Certain crafted inputs allow the creation of an `ed25519.PrivateKey` by casting malformed wire bytes, which results in a panic when the key is used. A panic is an unexpected runtime error that causes a program to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SSH servers (affected versions not specified) **Description** SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if `IsUserAuthority` or `IsHostAuthority` are not set. A panic is a critical error that causes a program to crash unexpectedly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A failure occurred where a revoked `SignatureKey` belonging to a Certificate Authority (CA) was not correctly checked for revocation. The issue involves the validation process for the `key` and `key.SignatureKey` variables regarding their `@revoked` status. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An authorization bypass exists in certain SSH server configurations. The issue occurs when a callback other than a public key is used, causing the source-address validation to be skipped. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked goroutine (a lightweight thread managed by the Go runtime) from being released when Close() is called, leading to a resource leak for each connection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** The `Verify()` method for FIDO/U2F security key types `sk-ecdsa-sha2-nistp256@openssh.com` and `sk-ssh-ed25519@openssh.com` failed to check the User Presence flag. This allows signatures generated without physical touch to be accepted, enabling the unattended use of a hardware security key. **Recommendations** Return a "no-touch-required" extension in `Permissions.Extensions` from `PublicKeyCallback` to restore the previous behavior.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An integer overflow occurs during the internal payload size calculation when writing data exceeding 4GB in a single Write call on an SSH channel. This leads to a condition where the write loop spins indefinitely, resulting in the continuous transmission of empty packets without progressing the data transfer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** The `Dial()` and `LookupPort()` functions panic on Windows when they receive an input containing a NUL (0) character. A panic is a runtime error that causes the program to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Pathological inputs can cause a Denial of Service (DoS) during the parsing of email addresses according to RFC 5322. This issue occurs within the `consumePhrase()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Well-crafted inputs reaching the functions `ParseAddress()`, `ParseAddressList()`, and `ParseDate()` can trigger excessive CPU exhaustion and memory allocations, leading to a Denial of Service (DoS), a condition where a system becomes unavailable to its intended users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.