Description

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

Remediation

References

https://hackerone.com/reports/319593

Related Vulnerabilities

CVE-2020-25689 Vulnerability in maven package org.wildfly.core:wildfly-protocol

CVE-2022-25883 Vulnerability in npm package semver

CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2021-21633 Vulnerability in maven package org.jenkins-ci.plugins:dependency-track

CVE-2021-27516 Vulnerability in maven package org.webjars.bower:urijs

Severity

High

Classification

CWE-185 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory