Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vulnerability warning CVE-2022-27191 #183

Closed
eli-darkly opened this issue Apr 20, 2022 · 1 comment
Closed

vulnerability warning CVE-2022-27191 #183

eli-darkly opened this issue Apr 20, 2022 · 1 comment

Comments

@eli-darkly
Copy link
Contributor

LD has opened this issue to let everyone know that we're aware of this vulnerability report, and we will release a patch version of our Docker image to address it as soon as possible.

It's our policy to make any necessary dependency/platform updates for such issues no matter what, but we also look into the details to determine how much of an actual risk these represent, if any, to Relay Proxy installations that are currently running. Here is our analysis:

  • We do not think this vulnerability applies to the Relay Proxy. Based on this description, the vulnerability would allow an attacker to crash an SSH server that was configured in a specific way. The Relay Proxy does not operate an SSH server; it neither directly nor indirectly uses crypto/ssh.
Merged
@eli-darkly
Copy link
Contributor Author

Fixed in the 6.7.5 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eli-darkly