Fix golang.org/x/crypto — CVE-2022-27191 HIGH
Fix CVE-2022-27191 (HIGH) in golang.org/x/crypto for Go. Paste your go.mod into PackageFix and get a patched version — no CLI, no signup. Ssh connection hang via crafted client handshake.
⚠ Vulnerability
CVE-2022-27191 (HIGH) — SSH connection hang via crafted client handshake in golang.org/x/crypto below v0.22.0.
Vulnerable — go.mod
golang.org/x/crypto v0.0.0-20220214200702-86341886e292
Fixed — go.mod
golang.org/x/crypto v0.22.0
✓ Fix
Update golang.org/x/crypto to v0.22.0 and run go mod tidy.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2022-27191 |
| Severity | HIGH |
| Package | golang.org/x/crypto (Go) |
| Safe version | v0.22.0 |
| CISA KEV | — |
| Description | Ssh connection hang via crafted client handshake |
Frequently Asked Questions
What is CVE-2022-27191?
CVE-2022-27191 is a HIGH severity vulnerability in golang.org/x/crypto (Go) that allows SSH connection hang via crafted client handshake. Update to v0.22.0 or later.
How do I fix CVE-2022-27191 in golang.org/x/crypto?
Update golang.org/x/crypto to version v0.22.0 in your go.mod and run go mod tidy.
Is CVE-2022-27191 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2022-27191?
After updating, paste your go.mod into PackageFix again. If CVE-2022-27191 no longer appears in the CVE table, the fix is applied.