Improper Signature Verification Affecting package, versions <0.0.0-20200220183623-bac4c82f6975

  • Exploit Maturity


  • Attack Complexity


  • Confidentiality


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    21 Feb 2020

  • disclosed

    21 Feb 2020

  • credit

    Alex Gaynor

How to fix?

Upgrade to version 0.0.0-20200220183623-bac4c82f6975 or higher.

Overview is a SSH client and server

Affected versions of this package are vulnerable to Improper Signature Verification. An attacker can craft an ssh-ed25519 or public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any server with a PublicKeyCallback, and servers can deliver them to any client.