diff --git a/detector/cve/cve202338408/cve202338408.go b/detector/cve/cve202338408/cve202338408.go
index d10c417d..12b633da 100644
--- a/detector/cve/cve202338408/cve202338408.go
+++ b/detector/cve/cve202338408/cve202338408.go
@@ -18,6 +18,7 @@ package cve202338408
 import (
 	"bufio"
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -69,6 +70,13 @@ func (Detector) Requirements() *plugin.Capabilities {
 // RequiredExtractors returns an empty list as there are no dependencies.
 func (Detector) RequiredExtractors() []string { return []string{} }
 
+func isVersionWithinRange(openSSHVersion string, lower string, upper string) (bool, error) {
+	lessEq, err1 := versionLessEqual(lower, openSSHVersion)
+	greaterEq, err2 := versionLessEqual(openSSHVersion, upper)
+
+	return lessEq && greaterEq, errors.Join(err1, err2)
+}
+
 // Scan checks for the presence of the OpenSSH CVE-2023-38408 vulnerability on the filesystem.
 func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error) {
 	// 1. OpenSSH between and 5.5 and 9.3p1 (inclusive)
@@ -77,7 +85,12 @@ func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *in
 		log.Debugf("No OpenSSH version found")
 		return nil, nil
 	}
-	isVulnVersion := versionLessEqual("5.5", openSSHVersion) && versionLessEqual(openSSHVersion, "9.3p1")
+	isVulnVersion, err := isVersionWithinRange(openSSHVersion, "5.5", "9.3p1")
+
+	if err != nil {
+		return nil, err
+	}
+
 	if !isVulnVersion {
 		log.Debugf("Version %q not vuln", openSSHVersion)
 		return nil, nil
@@ -232,15 +245,11 @@ type fileLocations struct {
 	LineNumbers []int
 }
 
-func versionLessEqual(lower, upper string) bool {
+func versionLessEqual(lower, upper string) (bool, error) {
 	// Version format looks like this: 3.7.1p2, 3.7, 3.2.3, 2.9p2
 	r, err := semantic.MustParse(lower, "Packagist").CompareStr(upper)
 
-	if err != nil {
-		panic(err)
-	}
-
-	return r <= 0
+	return r <= 0, err
 }
 
 func findHistoryFiles() []string {