<p>Upgrade <code>RHEL:9</code> <code>kernel-zfcpdump-modules-internal</code> to version 0:5.14.0-284.16.1.el9_2 or higher.<br>This issue was patched in <code>RHSA-2023:3366</code>.</p>

Use of a Broken or Risky Cryptographic Algorithm Affecting kernel-zfcpdump-modules-internal package, versions <0:5.14.0-284.16.1.el9_2

Threat Intelligence

0.25% (66^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RHEL9-KERNELZFCPDUMPMODULESINTERNAL-6220068
published 1 Feb 2024
disclosed 15 Mar 2022

Report a new vulnerability Found a mistake?

Introduced: 15 Mar 2022

CVE-2022-27191 Open this link in a new tab CWE-327 Open this link in a new tab

How to fix?

Upgrade RHEL:9 kernel-zfcpdump-modules-internal to version 0:5.14.0-284.16.1.el9_2 or higher.
This issue was patched in RHSA-2023:3366.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-modules-internal package and not the kernel-zfcpdump-modules-internal package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

References

CVSS Scores

version 3.1

Use of a Broken or Risky Cryptographic Algorithm Affecting kernel-zfcpdump-modules-internal package, versions <0:5.14.0-284.16.1.el9_2

Severity

Based on Red Hat Enterprise Linux security rating