CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-3204

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 82.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2017-3204

Golang » Crypto » Version: N/A

cpe:2.3:a:golang:crypto:-
Golang » Crypto » Version: 0.1.0

cpe:2.3:a:golang:crypto:0.1.0
Golang » Crypto » Version: 0.10.0

cpe:2.3:a:golang:crypto:0.10.0
Golang » Crypto » Version: 0.11.0

cpe:2.3:a:golang:crypto:0.11.0
Golang » Crypto » Version: 0.12.0

cpe:2.3:a:golang:crypto:0.12.0
Golang » Crypto » Version: 0.13.0

cpe:2.3:a:golang:crypto:0.13.0
Golang » Crypto » Version: 0.14.0

cpe:2.3:a:golang:crypto:0.14.0
Golang » Crypto » Version: 0.15.0

cpe:2.3:a:golang:crypto:0.15.0
Golang » Crypto » Version: 0.16.0

cpe:2.3:a:golang:crypto:0.16.0
Golang » Crypto » Version: 0.17.0

cpe:2.3:a:golang:crypto:0.17.0
Golang » Crypto » Version: 0.18.0

cpe:2.3:a:golang:crypto:0.18.0
Golang » Crypto » Version: 0.19.0

cpe:2.3:a:golang:crypto:0.19.0
Golang » Crypto » Version: 0.2.0

cpe:2.3:a:golang:crypto:0.2.0
Golang » Crypto » Version: 0.21.0

cpe:2.3:a:golang:crypto:0.21.0
Golang » Crypto » Version: 0.22.0

cpe:2.3:a:golang:crypto:0.22.0
Golang » Crypto » Version: 0.23.0

cpe:2.3:a:golang:crypto:0.23.0
Golang » Crypto » Version: 0.24.0

cpe:2.3:a:golang:crypto:0.24.0
Golang » Crypto » Version: 0.25.0

cpe:2.3:a:golang:crypto:0.25.0
Golang » Crypto » Version: 0.26.0

cpe:2.3:a:golang:crypto:0.26.0
Golang » Crypto » Version: 0.27.0

cpe:2.3:a:golang:crypto:0.27.0
Golang » Crypto » Version: 0.28.0

cpe:2.3:a:golang:crypto:0.28.0
Golang » Crypto » Version: 0.29.0

cpe:2.3:a:golang:crypto:0.29.0
Golang » Crypto » Version: 0.3.0

cpe:2.3:a:golang:crypto:0.3.0
Golang » Crypto » Version: 0.30.0

cpe:2.3:a:golang:crypto:0.30.0
Golang » Crypto » Version: 0.31.0

cpe:2.3:a:golang:crypto:0.31.0
Golang » Crypto » Version: 0.32.0

cpe:2.3:a:golang:crypto:0.32.0
Golang » Crypto » Version: 0.33.0

cpe:2.3:a:golang:crypto:0.33.0
Golang » Crypto » Version: 0.34.0

cpe:2.3:a:golang:crypto:0.34.0
Golang » Crypto » Version: 0.35.0

cpe:2.3:a:golang:crypto:0.35.0
Golang » Crypto » Version: 0.36.0

cpe:2.3:a:golang:crypto:0.36.0
Golang » Crypto » Version: 0.37.0

cpe:2.3:a:golang:crypto:0.37.0
Golang » Crypto » Version: 0.38.0

cpe:2.3:a:golang:crypto:0.38.0
Golang » Crypto » Version: 0.39.0

cpe:2.3:a:golang:crypto:0.39.0
Golang » Crypto » Version: 0.4.0

cpe:2.3:a:golang:crypto:0.4.0
Golang » Crypto » Version: 0.40.0

cpe:2.3:a:golang:crypto:0.40.0
Golang » Crypto » Version: 0.41.0

cpe:2.3:a:golang:crypto:0.41.0
Golang » Crypto » Version: 0.42.0

cpe:2.3:a:golang:crypto:0.42.0
Golang » Crypto » Version: 0.43.0

cpe:2.3:a:golang:crypto:0.43.0
Golang » Crypto » Version: 0.44.0

cpe:2.3:a:golang:crypto:0.44.0
Golang » Crypto » Version: 0.45.0

cpe:2.3:a:golang:crypto:0.45.0
Golang » Crypto » Version: 0.46.0

cpe:2.3:a:golang:crypto:0.46.0
Golang » Crypto » Version: 0.5.0

cpe:2.3:a:golang:crypto:0.5.0
Golang » Crypto » Version: 0.6.0

cpe:2.3:a:golang:crypto:0.6.0
Golang » Crypto » Version: 0.7.0

cpe:2.3:a:golang:crypto:0.7.0
Golang » Crypto » Version: 0.8.0

cpe:2.3:a:golang:crypto:0.8.0
Golang » Crypto » Version: 0.9.0

cpe:2.3:a:golang:crypto:0.9.0
Golang » Crypto » Version: 2017-02-09

cpe:2.3:a:golang:crypto:2017-02-09
Golang » Crypto » Version: 2017-03-02

cpe:2.3:a:golang:crypto:2017-03-02
Golang » Crypto » Version: 2017-03-07

cpe:2.3:a:golang:crypto:2017-03-07
Golang » Crypto » Version: 2017-03-17

cpe:2.3:a:golang:crypto:2017-03-17

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-3204

Products

Pricing

Contact Us