Vulnerabilities related to libssh - libssh
CVE-2023-6918 (GCVE-0-2023-6918)
Vulnerability from cvelistv5
Published
2023-12-18 23:27
Modified
2025-02-15 00:10
Summary
A flaw was found in libssh's abstract layer for message digest (MD) operations, which is implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References
URL | Tags
---|---
https://access.redhat.com/errata/RHSA-2024:2504 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3233 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6918 | vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254997 | issue-tracking, x_refsource_REDHAT
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ |
https://www.libssh.org/security/advisories/CVE-2023-6918.txt |
Impacted products
Vendor | Product | Version
---|---|---
Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 0:0.9.6-14.el8 < * (cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/o:redhat:enterprise_linux:8::baseos)
CVE-2014-8132 (GCVE-0-2014-8132)
Vulnerability from cvelistv5
Published
2014-12-29 00:00
Modified
2024-08-06 13:10
Summary
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2023-2283 (GCVE-0-2023-2283)
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:19
Summary
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function when memory allocation problems occur. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error`, returning SSH_OK.
CVE-2013-0176 (GCVE-0-2013-0176)
Vulnerability from cvelistv5
Published
2013-02-05 23:11
Modified
2024-08-06 14:18
Summary
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
References
URL | Tags
---|---
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html | vendor-advisory, x_refsource_FEDORA
https://exchange.xforce.ibmcloud.com/vulnerabilities/81595 | vdb-entry, x_refsource_XF
http://secunia.com/advisories/51982 | third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html | vendor-advisory, x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-1707-1 | vendor-advisory, x_refsource_UBUNTU
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/ | x_refsource_CONFIRM
CVE-2012-6063 (GCVE-0-2012-6063)
Vulnerability from cvelistv5
Published
2012-11-30 22:00
Modified
2024-08-06 21:21
Summary
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=871612 | x_refsource_MISC
http://www.debian.org/security/2012/dsa-2577 | vendor-advisory, x_refsource_DEBIAN
http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/ | x_refsource_CONFIRM
http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2 | x_refsource_CONFIRM
CVE-2023-6004 (GCVE-0-2023-6004)
Vulnerability from cvelistv5
Published
2024-01-03 17:01
Modified
2024-11-24 12:54
Summary
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
URL | Tags
---|---
https://access.redhat.com/errata/RHSA-2024:2504 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3233 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6004 | vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2251110 | issue-tracking, x_refsource_REDHAT
https://www.libssh.org/security/advisories/CVE-2023-6004.txt |
Impacted products
Vendor | Product | Version
---|---|---
Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 0:0.9.6-14.el8 < * (cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/o:redhat:enterprise_linux:8::baseos)
CVE-2023-3603 (GCVE-0-2023-3603)
Vulnerability from cvelistv5
Published
2023-07-21 19:09
Modified
2024-09-26 20:04
Summary
A missing allocation check in the SFTP server's processing of read requests may cause a NULL dereference under low-memory conditions. A malicious client can request SFTP reads of up to 4GB, causing allocation of buffers of up to 4GB, and the result of that allocation was not checked for failure. This will likely crash the authenticated user's sftp server connection (if the server is implemented as forking, as recommended). For thread-based servers, this might also cause DoS for legitimate users.
Given this code is not in any released versions, no security releases have been issued.
References
URL | Tags
---|---
https://access.redhat.com/security/cve/CVE-2023-3603 | vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2221791 | issue-tracking, x_refsource_REDHAT
Impacted products
Vendor | Product | Version
---|---|---
n/a | libssh |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:01:56.718Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-3603", }, { name: "RHBZ#2221791", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221791", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3603", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:04:28.247195Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:04:43.251Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "libssh", vendor: "n/a", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "libssh", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "libssh", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "libssh", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://packages.fedoraproject.org/", defaultStatus: "unaffected", packageName: "libssh", product: "Extra Packages for Enterprise Linux 7", vendor: "Fedora", }, { collectionURL: "https://packages.fedoraproject.org/", defaultStatus: 
"unaffected", packageName: "libssh", product: "Fedora", vendor: "Fedora", }, ], credits: [ { lang: "en", value: "Upstream acknowledges Wei Chong Tan as the original reporter.", }, ], datePublic: "2023-07-10T00:00:00+00:00", descriptions: [ { lang: "en", value: "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\r\n\r\nGiven this code is not in any released versions, no security releases have been issued.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-23T00:58:36.996Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-3603", }, { name: "RHBZ#2221791", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221791", }, ], timeline: [ { lang: "en", time: "2023-07-10T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: 
"2023-07-10T00:00:00+00:00", value: "Made public.", }, ], title: "Processing sftp server read may cause null dereference", workarounds: [ { lang: "en", value: "The SFTP server implementation is based on callbacks so you can rewrite the sftp_channel_default_data_callback() to provide additional checks.\n\n[1] https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/sample_sftpserver.c#L330", }, ], x_redhatCweChain: "CWE-476: NULL Pointer Dereference", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-3603", datePublished: "2023-07-21T19:09:44.083Z", dateReserved: "2023-07-10T18:21:21.431Z", dateUpdated: "2024-09-26T20:04:43.251Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-3146 (GCVE-0-2015-3146)
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-06 05:39
Summary
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
References
URL | Tags
---|---
http://www.ubuntu.com/usn/USN-2912-1 | vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html | vendor-advisory, x_refsource_FEDORA
https://www.libssh.org/security/advisories/CVE-2015-3146.txt | x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html | vendor-advisory, x_refsource_FEDORA
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/ | x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3488 | vendor-advisory, x_refsource_DEBIAN
https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:32.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2912-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2912-1", }, { name: "FEDORA-2015-10962", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", }, { name: "FEDORA-2015-7590", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", }, { name: "DSA-3488", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-30T00:00:00", descriptions: [ { lang: "en", value: "The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-04-13T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ 
{ name: "USN-2912-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2912-1", }, { name: "FEDORA-2015-10962", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", }, { name: "FEDORA-2015-7590", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", }, { name: "DSA-3488", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-3146", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-2912-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { name: "FEDORA-2015-10962", refsource: "FEDORA", url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html", }, { name: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", refsource: "CONFIRM", url: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", }, { name: "FEDORA-2015-7590", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html", }, { name: "https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", refsource: "CONFIRM", url: "https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", }, { name: "DSA-3488", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3488", }, { name: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", refsource: "CONFIRM", url: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3146", datePublished: "2016-04-13T17:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:32.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-4561 (GCVE-0-2012-4561)
Vulnerability from cvelistv5
Published
2012-11-30 22:00
Modified
2024-08-06 20:42
Summary
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:53.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-multiple-dos(80220)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-20T00:00:00", descriptions: [ { lang: "en", value: "The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", 
"x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-multiple-dos(80220)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4561", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-2577", refsource: "DEBIAN", url: 
"http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", }, { name: "USN-1640-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "FEDORA-2012-18610", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-multiple-dos(80220)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220", }, { name: "FEDORA-2012-18677", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", refsource: "BID", url: "http://www.securityfocus.com/bid/56604", }, { name: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", refsource: "CONFIRM", url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4561", datePublished: "2012-11-30T22:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:53.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0739 (GCVE-0-2016-0739)
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-05 22:30
Summary
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
References
URL | Tags
---|---
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html | vendor-advisory, x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-2912-1 | vendor-advisory, x_refsource_UBUNTU
https://www.libssh.org/security/advisories/CVE-2016-0739.txt | x_refsource_CONFIRM
https://puppet.com/security/cve/CVE-2016-0739 | x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html | vendor-advisory, x_refsource_FEDORA
https://security.gentoo.org/glsa/201606-12 | vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2016/dsa-3488 | vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0566.html | vendor-advisory, x_refsource_REDHAT
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/ | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html | vendor-advisory, x_refsource_SUSE
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:04.158Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2016-d9f950c779", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html", }, { name: "USN-2912-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2912-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.libssh.org/security/advisories/CVE-2016-0739.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/CVE-2016-0739", }, { name: "FEDORA-2016-dc9e8da03c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html", }, { name: "GLSA-201606-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201606-12", }, { name: "DSA-3488", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { name: "RHSA-2016:0566", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0566.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", }, { name: "openSUSE-SU-2016:0880", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-23T00:00:00", descriptions: [ { lang: "en", value: "libssh before 0.7.3 improperly truncates ephemeral secrets generated 
for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2016-d9f950c779", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html", }, { name: "USN-2912-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2912-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.libssh.org/security/advisories/CVE-2016-0739.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/CVE-2016-0739", }, { name: "FEDORA-2016-dc9e8da03c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html", }, { name: "GLSA-201606-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201606-12", }, { name: "DSA-3488", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { name: "RHSA-2016:0566", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0566.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", }, { name: "openSUSE-SU-2016:0880", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0739", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2016-d9f950c779", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html", }, { name: "USN-2912-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { name: "https://www.libssh.org/security/advisories/CVE-2016-0739.txt", refsource: "CONFIRM", url: "https://www.libssh.org/security/advisories/CVE-2016-0739.txt", }, { name: "https://puppet.com/security/cve/CVE-2016-0739", refsource: "CONFIRM", url: "https://puppet.com/security/cve/CVE-2016-0739", }, { name: "FEDORA-2016-dc9e8da03c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html", }, { name: "GLSA-201606-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201606-12", }, { name: "DSA-3488", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3488", }, { name: "RHSA-2016:0566", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0566.html", }, { name: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", refsource: "CONFIRM", url: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", }, { name: "openSUSE-SU-2016:0880", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0739", datePublished: "2016-04-13T17:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:04.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-3634 (GCVE-0-2021-3634)
Vulnerability from cvelistv5
Published
2021-08-31 00:00
Modified
2024-08-03 17:01
Summary
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after a key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a length variable, which worked as long as the buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a "secret_hash" of a different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:07.562Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978810", }, { name: "DSA-4965", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4965", }, { name: "FEDORA-2021-ec797b6a96", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/", }, { name: "FEDORA-2021-288925ac19", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/", }, { name: "FEDORA-2021-f2a020a065", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211004-0003/", }, { name: "GLSA-202312-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libssh", vendor: "n/a", versions: [ { status: "affected", version: "libssh 0.9.6", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. 
Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T10:06:14.732204", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978810", }, { name: "DSA-4965", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4965", }, { name: "FEDORA-2021-ec797b6a96", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/", }, { name: "FEDORA-2021-288925ac19", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/", }, { name: "FEDORA-2021-f2a020a065", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20211004-0003/", }, { name: "GLSA-202312-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-05", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3634", datePublished: "2021-08-31T00:00:00", dateReserved: "2021-07-02T00:00:00", dateUpdated: "2024-08-03T17:01:07.562Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-4560 (GCVE-0-2012-4560)
Vulnerability from cvelistv5
Published
2012-11-30 22:00
Modified
2024-08-06 20:42
Summary
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:54.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871614", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "libssh-multiple-bo(80219)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80219", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: 
"http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871614", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "libssh-multiple-bo(80219)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80219", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { 
name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4560", datePublished: "2012-11-30T22:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:54.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1730 (GCVE-0-2020-1730)
Vulnerability from cvelistv5
Published
2020-04-13 00:00
Modified
2024-08-04 06:46
Summary
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.844Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-5a77f0d68f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/", }, { name: "USN-4327-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4327-1/", }, { name: "FEDORA-2020-6cad41abb0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200424-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libssh", vendor: "Red Hat", versions: [ { status: "affected", version: "libssh versions before 0.8.9", }, { status: "affected", version: "libssh versions before 0.9.4", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. 
The biggest threat from this vulnerability is system availability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2020-5a77f0d68f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/", }, { name: "USN-4327-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4327-1/", }, { name: "FEDORA-2020-6cad41abb0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730", }, { url: "https://security.netapp.com/advisory/ntap-20200424-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1730", datePublished: "2020-04-13T00:00:00", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-14889 (GCVE-0-2019-14889)
Vulnerability from cvelistv5
Published
2019-12-10 00:00
Modified
2024-08-05 00:26
Summary
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:26:39.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-4219-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4219-1/", }, { name: "openSUSE-SU-2019:2689", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", }, { name: "[debian-lts-announce] 20191217 [SECURITY] [DLA 2038-1] libssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html", }, { name: "FEDORA-2019-8b0ad69829", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/", }, { name: "FEDORA-2019-46b6bd2459", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/", }, { name: "openSUSE-SU-2020:0102", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", }, { name: "GLSA-202003-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-27", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889", }, { tags: [ "x_transferred", ], url: "https://www.libssh.org/security/advisories/CVE-2019-14889.txt", }, { name: "[debian-lts-announce] 20230529 [SECURITY] [DLA 3437-1] libssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libssh", vendor: "Red 
Hat", versions: [ { status: "affected", version: "All libssh versions before 0.9.3", }, { status: "affected", version: "All libssh versions before 0.8.8", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-29T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-4219-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4219-1/", }, { name: "openSUSE-SU-2019:2689", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", }, { name: "[debian-lts-announce] 20191217 [SECURITY] [DLA 2038-1] libssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html", }, { name: "FEDORA-2019-8b0ad69829", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/", }, { name: "FEDORA-2019-46b6bd2459", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/", }, { name: "openSUSE-SU-2020:0102", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", }, { name: "GLSA-202003-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-27", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889", }, { url: "https://www.libssh.org/security/advisories/CVE-2019-14889.txt", }, { name: "[debian-lts-announce] 20230529 [SECURITY] [DLA 3437-1] libssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-14889", datePublished: "2019-12-10T00:00:00", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-08-05T00:26:39.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-0017 (GCVE-0-2014-0017)
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 08:58
Summary
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
References
URL | Tags
---|---
http://www.ubuntu.com/usn/USN-2145-1 | vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-2879 | vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html | vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/57407 | third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/03/05/1 | mailing-list, x_refsource_MLIST
http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/ | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html | vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1072191 | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:58:26.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2145-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2145-1", }, { name: "DSA-2879", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2879", }, { name: "openSUSE-SU-2014:0366", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html", }, { name: "57407", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57407", }, { name: "[oss-security] 20140305 libssh and stunnel PRNG flaws", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/03/05/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", }, { name: "openSUSE-SU-2014:0370", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072191", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-03-04T00:00:00", descriptions: [ { lang: "en", value: "The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", 
type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-03-17T13:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2145-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2145-1", }, { name: "DSA-2879", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2879", }, { name: "openSUSE-SU-2014:0366", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html", }, { name: "57407", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57407", }, { name: "[oss-security] 20140305 libssh and stunnel PRNG flaws", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/03/05/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", }, { name: "openSUSE-SU-2014:0370", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072191", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0017", datePublished: "2014-03-14T15:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T08:58:26.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:46:27.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { tags: [ "x_transferred", ], url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://www.netsarang.com/en/xshell-update-history/", }, { tags: [ "x_transferred", ], url: "https://www.paramiko.org/changelog.html", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/openbsd.html", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commits/master", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-server-version-history", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/tags", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { tags: [ "x_transferred", ], url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.6", }, { tags: [ "x_transferred", ], url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://www.terrapin-attack.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { 
tags: [ "x_transferred", ], url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { tags: [ "x_transferred", ], url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { tags: [ "x_transferred", ], url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { tags: [ "x_transferred", ], url: "https://github.com/paramiko/paramiko/issues/2337", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38684904", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/issues/457", }, { tags: [ "x_transferred", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { tags: [ 
"x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { tags: [ "x_transferred", ], url: "https://bugs.gentoo.org/920280", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-48795", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/pull/461", }, { tags: [ "x_transferred", ], url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { tags: [ "x_transferred", ], url: "https://github.com/libssh2/libssh2/pull/1291", }, { tags: [ "x_transferred", ], url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { tags: [ "x_transferred", ], url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { tags: [ "x_transferred", ], url: "https://github.com/rapier1/hpn-ssh/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/issues/456", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { tags: [ "x_transferred", ], url: "https://oryx-embedded.com/download/#changelog", }, { tags: [ "x_transferred", ], url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { tags: [ "x_transferred", ], url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { tags: [ "x_transferred", ], url: 
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { tags: [ "x_transferred", ], url: "https://crates.io/crates/thrussh/versions", }, { tags: [ "x_transferred", ], url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { tags: [ "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/mina-sshd/issues/445", }, { tags: [ "x_transferred", ], url: "https://github.com/hierynomus/sshj/issues/916", }, { tags: [ "x_transferred", ], url: "https://github.com/janmojzis/tinyssh/issues/81", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { tags: [ "x_transferred", ], url: 
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { tags: [ "x_transferred", ], url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { tags: [ "x_transferred", ], url: "https://filezilla-project.org/versions.php", }, { tags: [ "x_transferred", ], url: "https://nova.app/releases/#v11.8", }, { tags: [ "x_transferred", ], url: "https://roumenpetrov.info/secsh/#news20231220", }, { tags: [ "x_transferred", ], url: "https://www.vandyke.com/products/securecrt/history.txt", }, { tags: [ "x_transferred", ], url: "https://help.panic.com/releasenotes/transmit5/", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { tags: [ "x_transferred", ], url: "https://winscp.net/eng/docs/history#6.2.2", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-client-version-history#933", }, { tags: [ "x_transferred", ], url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { tags: [ "x_transferred", ], url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", 
"x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, 
], descriptions: [ { lang: "en", value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate 
before 0.40.2 for Rust.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:06:23.972272", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { url: "https://www.netsarang.com/en/xshell-update-history/", }, { url: "https://www.paramiko.org/changelog.html", }, { url: "https://www.openssh.com/openbsd.html", }, { url: "https://github.com/openssh/openssh-portable/commits/master", }, { url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { url: "https://www.bitvise.com/ssh-server-version-history", }, { url: "https://github.com/ronf/asyncssh/tags", }, { url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { url: "https://www.openssh.com/txt/release-9.6", }, { url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { url: "https://www.terrapin-attack.com", }, { url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { url: 
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { url: "https://github.com/paramiko/paramiko/issues/2337", }, { url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { url: "https://news.ycombinator.com/item?id=38684904", }, { url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { url: "https://github.com/mwiede/jsch/issues/457", }, { url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { url: "https://bugs.gentoo.org/920280", }, { url: "https://ubuntu.com/security/CVE-2023-48795", }, { url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { url: "https://github.com/mwiede/jsch/pull/461", }, { url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { url: "https://github.com/libssh2/libssh2/pull/1291", }, { url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { url: "https://github.com/rapier1/hpn-ssh/releases", }, { url: "https://github.com/proftpd/proftpd/issues/456", }, { url: 
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { url: "https://oryx-embedded.com/download/#changelog", }, { url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { url: "https://crates.io/crates/thrussh/versions", }, { url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { url: "https://github.com/apache/mina-sshd/issues/445", }, { url: "https://github.com/hierynomus/sshj/issues/916", }, { url: "https://github.com/janmojzis/tinyssh/issues/81", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: 
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { url: "https://filezilla-project.org/versions.php", }, { url: "https://nova.app/releases/#v11.8", }, { url: "https://roumenpetrov.info/secsh/#news20231220", }, { url: "https://www.vandyke.com/products/securecrt/history.txt", }, { url: "https://help.panic.com/releasenotes/transmit5/", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { url: "https://winscp.net/eng/docs/history#6.2.2", }, { url: "https://www.bitvise.com/ssh-client-version-history#933", }, { url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", 
], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48795", datePublished: "2023-12-18T00:00:00", dateReserved: "2023-11-20T00:00:00", dateUpdated: "2024-08-02T21:46:27.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16135 (GCVE-0-2020-16135)
Vulnerability from cvelistv5
Published
2020-07-29 20:20
Modified
2024-08-04 13:37
Summary
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
References
| URL | Tags |
|---|---|
| https://bugs.libssh.org/T232 | x_refsource_MISC |
| https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 | x_refsource_MISC |
| https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4447-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/ | vendor-advisory, x_refsource_FEDORA |
| https://security.gentoo.org/glsa/202011-05 | vendor-advisory, x_refsource_GENTOO |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:37:53.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.libssh.org/T232", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2303-1] libssh security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html", }, { name: "USN-4447-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4447-1/", }, { name: "FEDORA-2020-f4f5e49cb8", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/", }, { name: "FEDORA-2020-ac3e29073f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/", }, { name: "GLSA-202011-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202011-05", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: 
"text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:21:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.libssh.org/T232", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2303-1] libssh security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html", }, { name: "USN-4447-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4447-1/", }, { name: "FEDORA-2020-f4f5e49cb8", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/", }, { name: "FEDORA-2020-ac3e29073f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/", }, { name: "GLSA-202011-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202011-05", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-16135", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.", }, ], }, 
problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.libssh.org/T232", refsource: "MISC", url: "https://bugs.libssh.org/T232", }, { name: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", refsource: "MISC", url: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", }, { name: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", refsource: "MISC", url: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", }, { name: "[debian-lts-announce] 20200731 [SECURITY] [DLA 2303-1] libssh security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html", }, { name: "USN-4447-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4447-1/", }, { name: "FEDORA-2020-f4f5e49cb8", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/", }, { name: "FEDORA-2020-ac3e29073f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/", }, { name: "GLSA-202011-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202011-05", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-16135", datePublished: "2020-07-29T20:20:29", dateReserved: "2020-07-29T00:00:00", dateUpdated: "2024-08-04T13:37:53.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-4562 (GCVE-0-2012-4562)
Vulnerability from cvelistv5
Published
2012-11-30 22:00
Modified
2024-08-06 20:42
Summary
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:54.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2012:1520", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html", }, { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-buffer-bo(80221)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80221", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2012:1520", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html", }, { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", 
}, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-buffer-bo(80221)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4562", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, 
infinite loop, or possibly some other unspecified vulnerabilities.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2012:1520", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html", }, { name: "DSA-2577", refsource: "DEBIAN", url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", }, { name: "FEDORA-2012-18610", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "libssh-buffer-bo(80221)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221", }, { name: "FEDORA-2012-18677", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", refsource: "BID", url: "http://www.securityfocus.com/bid/56604", }, { name: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", refsource: "CONFIRM", url: 
"http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4562", datePublished: "2012-11-30T22:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:54.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-1667 (GCVE-0-2023-1667)
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 05:57
Summary
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:57:24.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-1667", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182199", }, { tags: [ "x_transferred", ], url: "http://www.libssh.org/security/advisories/CVE-2023-1667.txt", }, { name: "FEDORA-2023-5fa5ca2043", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { name: "[debian-lts-announce] 20230529 [SECURITY] [DLA 3437-1] libssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { name: "GLSA-202312-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libssh", vendor: "n/a", versions: [ { status: "affected", version: "libssh-2", }, ], }, ], descriptions: [ { lang: "en", value: "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. 
This issue may allow an authenticated client to cause a denial of service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T10:06:17.929046", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://access.redhat.com/security/cve/CVE-2023-1667", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182199", }, { url: "http://www.libssh.org/security/advisories/CVE-2023-1667.txt", }, { name: "FEDORA-2023-5fa5ca2043", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { name: "[debian-lts-announce] 20230529 [SECURITY] [DLA 3437-1] libssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { name: "GLSA-202312-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-05", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-1667", datePublished: "2023-05-26T00:00:00", dateReserved: "2023-03-27T00:00:00", dateUpdated: "2024-08-02T05:57:24.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-10933 (GCVE-0-2018-10933)
Vulnerability from cvelistv5
Published
2018-10-17 12:00
Modified
2024-08-05 07:54
Summary
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
References
URL | Tags |
---|---|
https://usn.ubuntu.com/3795-1/ | vendor-advisory, x_refsource_UBUNTU |
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM |
https://usn.ubuntu.com/3795-2/ | vendor-advisory, x_refsource_UBUNTU |
https://www.debian.org/security/2018/dsa-4322 | vendor-advisory, x_refsource_DEBIAN |
https://www.exploit-db.com/exploits/45638/ | exploit, x_refsource_EXPLOIT-DB |
https://www.libssh.org/security/advisories/CVE-2018-10933.txt | x_refsource_CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/105677 | vdb-entry, x_refsource_BID |
https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html | mailing-list, x_refsource_MLIST |
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016 | x_refsource_CONFIRM |
https://security.netapp.com/advisory/ntap-20190118-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:35.801Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3795-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3795-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3795-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3795-2/", }, { name: "DSA-4322", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4322", }, { name: "45638", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45638/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", }, { name: "105677", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105677", }, { name: "[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libssh", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "0.7.6", }, { status: "affected", version: "0.8.4", }, ], }, ], datePublic: "2018-10-16T00:00:00", descriptions: [ { lang: "en", value: "A 
vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-592", description: "CWE-592", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-19T10:57:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-3795-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3795-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3795-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3795-2/", }, { name: "DSA-4322", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4322", }, { name: "45638", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45638/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", }, { name: "105677", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105677", }, { name: "[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-10933", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libssh", version: { version_data: [ { version_value: "0.7.6", }, { version_value: "0.8.4", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.", }, ], }, impact: { cvss: [ [ { vectorString: "9.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-592", }, ], }, ], }, references: { reference_data: [ { name: "USN-3795-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3795-1/", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3795-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3795-2/", }, { name: "DSA-4322", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4322", }, { name: "45638", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45638/", }, { name: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", refsource: "CONFIRM", url: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", refsource: "CONFIRM", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", }, { name: "105677", refsource: "BID", url: "http://www.securityfocus.com/bid/105677", }, { name: "[debian-lts-announce] 20181018 [SECURITY] [DLA 1548-1] libssh security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", }, { name: "https://security.netapp.com/advisory/ntap-20190118-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10933", datePublished: "2018-10-17T12:00:00", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-08-05T07:54:35.801Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-4559 (GCVE-0-2012-4559)
Vulnerability from cvelistv5
Published
2012-11-30 22:00
Modified
2024-08-06 20:42
Summary
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:54.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "libssh-code-execution(80218)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80218", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { name: "DSA-2577", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "libssh-code-execution(80218)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80218", }, { name: "FEDORA-2012-18610", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "FEDORA-2012-18677", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56604", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4559", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified 
vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { name: "DSA-2577", refsource: "DEBIAN", url: "http://www.debian.org/security/2012/dsa-2577", }, { name: "MDVSA-2012:175", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { name: "USN-1640-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { name: "openSUSE-SU-2013:0130", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { name: "openSUSE-SU-2012:1622", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { name: "libssh-code-execution(80218)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80218", }, { name: "FEDORA-2012-18610", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { name: "openSUSE-SU-2012:1620", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { name: "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { name: "FEDORA-2012-18677", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { name: "56604", refsource: "BID", url: "http://www.securityfocus.com/bid/56604", }, { name: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", refsource: "CONFIRM", url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4559", datePublished: 
"2012-11-30T22:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:54.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-04-13 19:15
Modified
2024-11-21 05:11
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR ciphers (or DES ciphers, if enabled). The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
libssh | libssh | * | |
netapp | cloud_backup | - | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
redhat | enterprise_linux | 8.0 | |
oracle | mysql_workbench | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "258D29CC-4892-4308-8C84-9AADA1C87C31", versionEndExcluding: "0.8.9", versionStartIncluding: "0.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "D634C2D0-A911-4715-B665-D8F6ADFC5293", versionEndExcluding: "0.9.4", versionStartIncluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "9E07B577-50FE-43B4-8AAD-4C267A494A36", versionEndIncluding: "8.0.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. 
The biggest threat from this vulnerability is system availability.", }, { lang: "es", value: "Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si está habilitado). El servidor o el cliente podrían bloquearse cuando la conexión no ha sido inicializada completamente y el sistema intenta limpiar los cifrados cuando se cierra la conexión. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema.", }, ], id: "CVE-2020-1730", lastModified: "2024-11-21T05:11:15.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], 
}, published: "2020-04-13T19:15:11.173", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200424-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4327-1/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200424-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4327-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], 
url: "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-19 00:15
Modified
2025-02-15 01:15
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw was found in the abstract layer that libssh implements for message digest (MD) operations, which are implemented by different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
libssh | libssh | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "4836788D-9936-404F-B0A8-DDDAC3969F20", versionEndExcluding: "0.9.8", versionStartIncluding: "0.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB546AC-788C-422E-B6BD-756BF39BD0F5", versionEndExcluding: "0.10.6", versionStartIncluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", }, { lang: "es", value: "Se encontró un fallo en la capa abstracta de implementación de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptográficos compatibles. 
Los valores de retorno de estos no se verificaron correctamente, lo que podría causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. En este caso, las claves que no coinciden resultarán en fallas de descifrado/integridad, lo que terminará la conexión.", }, ], id: "CVE-2023-6918", lastModified: "2025-02-15T01:15:09.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-19T00:15:08.460", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2504", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:3233", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6918", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254997", }, { source: "secalert@redhat.com", tags: [ "Release Notes", ], url: "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/", }, { source: 
"secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2023-6918.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:2504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:3233", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6918", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254997", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20250214-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2023-6918.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-252", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-252", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-02-05 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "F3619856-CA8F-455D-BC33-E6BA533C4165", versionEndIncluding: "0.5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "3D611A20-8A47-43DE-A6EC-90977C227C64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a \"Client: Diffie-Hellman Key Exchange Init\" packet.", }, { lang: "es", value: "La función publickey_from_privatekey en libssh anterior a v0.5.4, cuando ningun algoritmo coincide durante la negociacion, permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) mediante un paquete \"Client: Diffie-Hellman Key Exchange Init\"", }, ], id: "CVE-2013-0176", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, 
confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-05T23:55:01.850", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51982", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1707-1", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1707-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81595", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2025-04-12 10:46
Severity ?
Summary
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "F92F6AA4-B893-4A3C-8D00-AE4A607CFF76", versionEndIncluding: "0.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "3D611A20-8A47-43DE-A6EC-90977C227C64", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "28074A59-84B3-417F-B18A-5979F940A027", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "4FDA1F32-B3D1-416B-BE64-8B80C99B9DB4", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "D4721CE8-E74D-42CF-AB75-E6F73A6F75BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "26F92DD2-760B-4C4A-9AA8-384327B8699A", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "388BE929-54F4-4058-B869-9E1663825AD6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state 
to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.", }, { lang: "es", value: "La función RAND_bytes en libssh anterior a 0.6.3, cuando la creación de procesos (“forking”) está habilitada, no restablece debidamente el estado del generador de números pseudo-aleatorios OpenSSL (PRNG), lo que causa que el estado se comparte entre procesos de niños y permite a usuarios locales obtener información sensible mediante el aprovechamiento de una colisión pid.", }, ], id: "CVE-2014-0017", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-03-14T15:55:05.603", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57407", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2014/dsa-2879", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2014/03/05/1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2145-1", }, { source: "secalert@redhat.com", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1072191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2014/dsa-2879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2014/03/05/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2145-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072191", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-03 17:15
Modified
2024-11-21 08:42
Severity ?
4.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
libssh | libssh | * | |
fedoraproject | fedora | 38 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "CCC06989-1635-446A-B017-0D938580165B", versionEndExcluding: "0.9.8", versionStartIncluding: "0.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB546AC-788C-422E-B6BD-756BF39BD0F5", versionEndExcluding: "0.10.6", versionStartIncluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", }, { lang: "es", value: "Se encontró una falla en libssh. Al utilizar la función ProxyCommand o ProxyJump, los usuarios pueden explotar la sintaxis del hostname no verificada en el cliente. 
Este problema puede permitir que un atacante inyecte código malicioso en el comando de las funciones mencionadas a través del parámetro de hostname.", }, ], id: "CVE-2023-6004", lastModified: "2024-11-21T08:42:57.693", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 3.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-03T17:15:11.623", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:2504", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:3233", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6004", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2251110", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "https://www.libssh.org/security/advisories/CVE-2023-6004.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:2504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:3233", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-6004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2251110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240223-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.libssh.org/security/advisories/CVE-2023-6004.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5C70E449-A62A-4670-8786-093A915EF07C", versionEndIncluding: "0.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.", }, { lang: "es", value: "Múltiples desbordamientos de enteros en libssh antes de v0.5.3 permiten a atacantes remotos provocar una denegación de servicio (bucle infinito o caída) y posiblemente ejecutar código de su elección a través de vectores no especificados, lo que provoca un desbordamiento de búfer, bucle infinito, o posiblemente algunas vulnerabilidades no especificadas.\r\n", }, ], id: "CVE-2012-4562", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: 
"PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-30T22:55:01.783", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56604", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871620", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-13 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "749CD4EF-4CED-4189-B70A-EFB675E5D8B4", versionEndIncluding: "0.6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.", }, { lang: "es", value: "Los manejadores de paquete (1) SSH_MSG_NEWKEYS y (2) SSH_MSG_KEXDH_REPLY en package_cb.c en libssh en versiones anteriores a 0.6.5 no valida correctamente el estado, lo que permite a atacantes 
remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un paquete SSH manipulado.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", id: "CVE-2015-3146", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-13T17:59:03.100", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { source: "secalert@redhat.com", url: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2015-3146.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-30 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5C70E449-A62A-4670-8786-093A915EF07C", versionEndIncluding: "0.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", }, { lang: "es", value: "Múltiples vulnerabilidades de doble liberación en las funciones (1) agent_sign_data en agent.c, (2) channel_request en channels.c, (3) ssh_userauth_pubkey en auth.c, (4) sftp_parse_attr_3 en sftp.c, y (5) try_publickey_from_file en keyfiles.c en libssh antes de v0.5.3 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de vectores no especificados.\r\n", }, ], id: "CVE-2012-4559", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, 
baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-11-30T22:55:01.643", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56604", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80218", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-30 22:55
Modified
2025-04-11 00:51
Summary
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5C70E449-A62A-4670-8786-093A915EF07C", versionEndIncluding: "0.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.", }, { lang: "es", value: "Las funciones (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign y (5) ssh_sign_session_id en keys.c en libssh en versiones anteriores a la 0.5.3 liberan \"un puntero no válido en una ruta errónea\", lo que podría permitir a atacantes remotos provocar una denegación de servicio (caída) a través de vectores no especificados.", }, ], id: "CVE-2012-4561", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", 
integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-30T22:55:01.720", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56604", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80220", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-30 22:55
Modified
2025-04-11 00:51
Summary
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5C70E449-A62A-4670-8786-093A915EF07C", versionEndIncluding: "0.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.", }, { lang: "es", value: "Vulnerabilidad de doble liberación en la función sftp_mkdir en sftp.c en libssh antes de v0.5.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores no especificados, un vector diferente de CVE-2012-4559.", }, ], id: "CVE-2012-6063", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, 
obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-30T22:55:01.893", references: [ { source: "cve@mitre.org", url: "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871612", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-10 23:15
Modified
2024-11-21 04:27
Summary
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
References
Impacted products
Vendor | Product | Version
---|---|---
libssh | libssh | *
libssh | libssh | *
canonical | ubuntu_linux | 16.04
canonical | ubuntu_linux | 18.04
canonical | ubuntu_linux | 19.04
canonical | ubuntu_linux | 19.10
opensuse | leap | 15.1
fedoraproject | fedora | 30
fedoraproject | fedora | 31
debian | debian_linux | 8.0
oracle | mysql_workbench | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "087E8B29-3C05-4B51-BF55-0917BB6F3CCA", versionEndExcluding: "0.8.8", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "889AAD5C-582E-468C-AD3F-E171E007EEAB", versionEndExcluding: "0.9.3", versionStartIncluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: 
"7B4DA1DD-9BC1-4D76-BB41-6E6D69838571", versionEndIncluding: "8.0.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.", }, { lang: "es", value: "Se detectó un fallo con la función ssh_scp_new() de la API libssh en versiones anteriores a 0.9.3 y anteriores a 0.8.8. Cuando el cliente libssh SCP se conecta a un servidor, el comando scp, que incluye una ruta provista por el usuario, es ejecutado en el lado del servidor. En caso de que la biblioteca sea usada de manera que los usuarios puedan influir en el tercer parámetro de la función, sería posible para un atacante inyectar comandos arbitrarios, lo que comprometería el objetivo remoto.", }, ], id: "CVE-2019-14889", lastModified: "2024-11-21T04:27:37.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-10T23:15:10.580", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html", }, { source: "secalert@redhat.com", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: 
"https://security.gentoo.org/glsa/202003-27", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4219-1/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2019-14889.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4219-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2019-14889.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-31 17:15
Modified
2024-11-21 06:22
Summary
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
References
Impacted products
Vendor | Product | Version
---|---|---
libssh | libssh | *
redhat | virtualization | 4.0
redhat | enterprise_linux | 8.0
debian | debian_linux | 10.0
debian | debian_linux | 11.0
fedoraproject | fedora | 33
fedoraproject | fedora | 34
fedoraproject | fedora | 35
oracle | mysql_workbench | *
netapp | cloud_backup | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "45D76734-EC25-46B5-BA69-C3A6809CB194", versionEndExcluding: "0.9.6", versionStartIncluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", matchCriteriaId: "053C1B35-3869-41C2-9551-044182DE0A64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "6B9C558D-B200-45F2-9575-0816A10C58FA", versionEndIncluding: "8.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw has been 
found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.", }, { lang: "es", value: "Se ha encontrado un fallo en libssh en versiones anteriores a 0.9.6. El protocolo SSH mantiene un registro de dos secretos compartidos durante el tiempo de la sesión. Uno de ellos se llama secret_hash y el otro session_id. Inicialmente, ambos son el mismo, pero después del recambio de claves, el session_id anterior es mantenida y usada como entrada para el nuevo secret_hash. Históricamente, ambos búferes tenían una variable de longitud compartida, que funcionaba mientras estos búferes eran iguales. Pero la operación de recambio de claves también puede cambiar el método de intercambio de claves, que puede ser basado en un hash de diferente tamaño, creando eventualmente \"secret_hash\" de diferente tamaño que el session_id presenta. 
Esto se convierte en un problema cuando la memoria de session_id se pone a cero o cuando es usada de nuevo durante el segundo intercambio de claves", }, ], id: "CVE-2021-3634", lastModified: "2024-11-21T06:22:02.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-31T17:15:08.323", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978810", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/", }, { source: "secalert@redhat.com", url: 
"https://security.gentoo.org/glsa/202312-05", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211004-0003/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4965", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211004-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-12-29 00:59
Modified
2025-04-12 10:46
Summary
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | 0.5.0 | |
libssh | libssh | 0.5.2 | |
libssh | libssh | 0.5.3 | |
libssh | libssh | 0.5.4 | |
libssh | libssh | 0.5.5 | |
libssh | libssh | 0.6.0 | |
libssh | libssh | 0.6.1 | |
libssh | libssh | 0.6.2 | |
libssh | libssh | 0.6.3 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
opensuse | opensuse | 12.3 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "3D611A20-8A47-43DE-A6EC-90977C227C64", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*", matchCriteriaId: "28074A59-84B3-417F-B18A-5979F940A027", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "4FDA1F32-B3D1-416B-BE64-8B80C99B9DB4", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*", matchCriteriaId: "D4721CE8-E74D-42CF-AB75-E6F73A6F75BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "26F92DD2-760B-4C4A-9AA8-384327B8699A", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "388BE929-54F4-4058-B869-9E1663825AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "90396763-DE20-43FE-B251-F3B3C15B7ADB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "AA818EB5-6504-46F0-9848-57392B63C079", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: 
"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", matchCriteriaId: "5991814D-CA77-4C25-90D2-DB542B17E0AD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.", }, { lang: "es", value: "Vulnerabilidad de doble liberación en la función ssh_packet_kexinit en kex.c en libssh 0.5.x y 0.6.x anterior a 0.6.4 permite a atacantes remotos causar una denegación de servicio a través del paquete modificado kexinit.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", id: "CVE-2014-8132", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-12-29T00:59:00.060", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0014.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/60838", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2478-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1158089", }, { source: "secalert@redhat.com", 
tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60838", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2478-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1158089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-12", }, ], sourceIdentifier: 
"secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-17 12:29
Modified
2024-11-21 03:42
Severity ?
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
libssh | libssh | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 7.0 | |
netapp | oncommand_unified_manager | * | |
netapp | oncommand_unified_manager | * | |
netapp | oncommand_workflow_automation | - | |
netapp | snapcenter | - | |
netapp | storage_automation_store | - | |
oracle | mysql_workbench | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "850C5633-D6DD-4C96-8010-67B53F70E43B", versionEndExcluding: "0.7.6", versionStartIncluding: "0.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "24880ACB-F06F-4A56-AD91-CA37E2E78994", versionEndExcluding: "0.8.4", versionStartIncluding: "0.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", 
matchCriteriaId: "7E49ACFC-FD48-4ED7-86E8-68B5B753852C", versionStartIncluding: "9.4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE7FAC3-D61F-42E8-8E3A-172CE9AD9A12", versionEndIncluding: "8.0.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. 
Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado.", }, ], id: "CVE-2018-10933", lastModified: "2024-11-21T03:42:20.323", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-17T12:29:00.650", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105677", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", }, { source: "secalert@redhat.com", 
tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3795-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3795-2/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4322", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45638/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105677", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20190118-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3795-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3795-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45638/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2018-10933.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-592", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-29 21:15
Modified
2024-11-21 05:06
Severity ?
Summary
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | 0.9.4 | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
oracle | communications_cloud_native_core_policy | 1.15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:0.9.4:*:*:*:*:*:*:*", matchCriteriaId: "07EAEA9E-0BFD-4EB0-A128-B42338006D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.", }, { lang: "es", value: "libssh versión 0.9.4, presenta una desreferencia del puntero NULL en el archivo tftpserver.c si la función ssh_buffer_new devuelve NULL", }, ], id: "CVE-2020-16135", lastModified: "2024-11-21T05:06:49.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { 
accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-29T21:15:13.507", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.libssh.org/T232", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-05", }, { source: 
"cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4447-1/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.libssh.org/T232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202011-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4447-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-26 18:15
Modified
2024-11-21 07:58
Severity ?
Summary
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh | libssh | * | |
libssh | libssh | * | |
fedoraproject | fedora | 37 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "4ABFA49F-EB6C-45E4-8347-1E0A0FD65908", versionEndIncluding: "0.9.6", versionStartIncluding: "0.9.1", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "B02C8B4E-0AD2-44B9-B32A-21986D00F9F5", versionEndIncluding: "0.10.4", versionStartIncluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. 
Therefore any error between them calls `goto error` returning SSH_OK.", }, ], id: "CVE-2023-2283", lastModified: "2024-11-21T07:58:18.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-26T18:15:13.770", references: [ { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2283", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2189736", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202312-05", }, { source: "secalert@redhat.com", url: "https://security.netapp.com/advisory/ntap-20240201-0005/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2023-2283.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-2283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", 
"Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2189736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240201-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2023-2283.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-18 16:15
Modified
2024-12-02 14:54
Severity ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5308FBBB-F738-41C5-97A4-E40118E957CD", versionEndExcluding: "9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*", matchCriteriaId: "A9D807DB-9E20-4792-8A9F-4BFFC841BAB7", versionEndExcluding: "0.80", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*", matchCriteriaId: "42915485-A4DA-48DD-9C15-415D2D39DC52", versionEndExcluding: "3.66.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", matchCriteriaId: "9F37C9AC-185F-403A-A79B-2D5C8E11AFC4", versionEndIncluding: "11.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*", matchCriteriaId: "31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F", versionEndExcluding: "5.10.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*", matchCriteriaId: "F2FCF7EF-97D7-44CF-AC74-72D856901755", versionEndExcluding: "11.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*", matchCriteriaId: "53CAD263-1C60-43BD-86A2-C8DB15FFB4C6", versionEndExcluding: 
"14.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", matchCriteriaId: "8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66", versionEndExcluding: "6.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*", matchCriteriaId: "6209E375-10C7-4E65-A2E7-455A686717AC", versionEndExcluding: "9.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*", matchCriteriaId: "1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81", versionEndExcluding: "9.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*", matchCriteriaId: "3A71B523-0778-46C6-A38B-64452E0BB6E7", versionEndIncluding: "3.66.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*", matchCriteriaId: "F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*", matchCriteriaId: "418940E3-6DD1-4AA6-846A-03E059D0C681", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*", matchCriteriaId: "411BA58A-33B6-44CA-B9D6-7F9042D46961", vulnerable: true, }, { criteria: "cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*", matchCriteriaId: "FA17A153-30E4-4731-8706-8F74FCA50993", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*", matchCriteriaId: "FB736F57-9BE3-4457-A10E-FA88D0932154", vulnerable: true, }, ], negate: false, operator: "OR", }, ], 
}, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*", matchCriteriaId: "6EB8D02D-87F3-414D-A3EA-43F594DAAC1B", versionEndExcluding: "9.4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "AAB481DA-FBFE-4CC2-9AE7-22025FA07494", versionEndExcluding: "0.10.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*", matchCriteriaId: "3D6FD459-F8E8-4126-8097-D30B4639404A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*", matchCriteriaId: "69510F52-C699-4E7D-87EF-7000682888F0", versionEndIncluding: "1.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", matchCriteriaId: "9461430B-3709-45B6-8858-2101F5AE4481", versionEndIncluding: "1.3.8b", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", matchCriteriaId: "B9A01DF3-E20E-4F29-B5CF-DDF717D01E74", versionEndIncluding: "12.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*", matchCriteriaId: "D25EB73D-6145-4B7D-8F14-80FD0B458E99", versionEndExcluding: "0.35.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*", matchCriteriaId: "77594DEC-B5F7-4911-A13D-FFE91C74BAFA", versionEndIncluding: "5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*", matchCriteriaId: 
"F8FF7E74-2351-4CD9-B717-FA28893293A1", versionEndExcluding: "2.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", matchCriteriaId: "82A93C12-FEB6-4E82-B283-0ED7820D807E", versionEndIncluding: "10.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*", matchCriteriaId: "B480AE79-2FA1-4281-9F0D-0DE812B9354D", versionEndExcluding: "build__0144", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*", matchCriteriaId: "826B6323-06F8-4B96-8771-3FA15A727B08", versionEndExcluding: "3.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", matchCriteriaId: "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", matchCriteriaId: "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", matchCriteriaId: "E315FC5C-FF19-43C9-A58A-CF2A5FF13824", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*", matchCriteriaId: "FA7EAD12-E398-44AF-9859-F3CA6C63BA6B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", matchCriteriaId: "77675CB7-67D7-44E9-B7FF-D224B3341AA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", matchCriteriaId: "C0AAA300-691A-4957-8B69-F6888CC971B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", matchCriteriaId: "45937289-2D64-47CB-A750-5B4F0D4664A0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", matchCriteriaId: "7BF8EFFB-5686-4F28-A68F-1A8854E098CE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", matchCriteriaId: "9C877879-B84B-471C-80CF-0656521CA8AB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", matchCriteriaId: "379A5883-F6DF-41F5-9403-8D17F6605737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*", matchCriteriaId: "B5B1D946-5978-4818-BF21-A43D9C1365E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", matchCriteriaId: "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "6D5A7736-A403-4617-8790-18E46CB74DA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*", matchCriteriaId: "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", matchCriteriaId: "88BF3B2C-B121-483A-AEF2-8082F6DA5310", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F0FD736A-8730-446A-BA3A-7B608DB62B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F4C504B6-3902-46E2-82B7-48AEC9CDD48D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*", matchCriteriaId: "F92E56DF-98DF-4328-B37E-4D5744E4103D", versionEndExcluding: "0.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*", matchCriteriaId: 
"AC12508E-3C31-44EA-B4F3-29316BE9B189", versionEndExcluding: "0.40.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*", matchCriteriaId: "1750028C-698D-4E84-B727-8A155A46ADEB", versionEndExcluding: "2.5.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", matchCriteriaId: "3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776", versionEndExcluding: "26.2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*", matchCriteriaId: "61119DB3-4336-4D3B-863A-0CCF4146E5C1", versionEndExcluding: "0.2.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*", matchCriteriaId: "7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24", versionEndExcluding: "1.11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*", matchCriteriaId: "FAE46983-0ABC-49F7-AC18-A78FAC7E73AA", versionEndExcluding: "2.14.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*", matchCriteriaId: "06BF3368-F232-4E6B-883E-A591EED5C827", versionEndExcluding: "2022.83", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*", matchCriteriaId: "36531FB6-5682-4BF1-9785-E9D6D1C4207B", versionEndExcluding: "3.1.0-snapshot", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*", matchCriteriaId: "514ED687-0D7B-479B-82C5-7EB1A5EEC94C", versionEndExcluding: "5.11", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "83B1AF39-C0B9-4031-B19A-BDDD4F337273", versionEndExcluding: "3.4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2B71B0EF-888E-45E2-A055-F59CDCC1AFC7", versionEndIncluding: "23.09.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*", matchCriteriaId: "8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF", versionEndIncluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*", matchCriteriaId: "C1795F7A-203F-400E-B09C-0FAF16D01CFC", versionEndExcluding: "10.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*", matchCriteriaId: "0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A", versionEndExcluding: "2.2.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*", matchCriteriaId: "E2D7B0CA-C01F-4296-9425-48299E3889C5", versionEndIncluding: "2.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*", matchCriteriaId: "1C3EB0B8-9E76-4146-AB02-02E20B91D55C", versionEndIncluding: "0.37.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*", matchCriteriaId: "0582468A-149B-429F-978A-2AEDF4BE2606", versionEndIncluding: "20230101", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*", matchCriteriaId: "7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*", matchCriteriaId: "98321BF9-5E8F-4836-842C-47713B1C2775", versionEndIncluding: "0.76.1.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*", matchCriteriaId: "76BDAFDE-4515-42E6-820F-38AF4A786CF2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", matchCriteriaId: "5920923E-0D52-44E5-801D-10B82846ED58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099", versionEndExcluding: "14.4", versionStartIncluding: "14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some 
security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", }, { lang: "es", value: "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociación de extensión) y, en consecuencia, un cliente y 
un servidor pueden terminar con una conexión para la cual algunas características de seguridad han sido degradadas o deshabilitadas, también conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de números de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisión se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto también afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podría haber efectos en Bitvise SSH hasta la versión 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.", }, ], id: "CVE-2023-48795", lastModified: "2024-12-02T14:54:27.177", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-18T16:15:10.897", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Mitigation", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugs.gentoo.org/920280", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://crates.io/crates/thrussh/versions", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://filezilla-project.org/versions.php", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { source: "cve@mitre.org", 
tags: [ "Patch", ], url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/apache/mina-sshd/issues/445", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/cyd01/KiTTY/issues/520", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/hierynomus/sshj/issues/916", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/janmojzis/tinyssh/issues/81", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { source: "cve@mitre.org", tags: [ "Mitigation", ], url: "https://github.com/libssh2/libssh2/pull/1291", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: 
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/mwiede/jsch/issues/457", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/mwiede/jsch/pull/461", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/openssh/openssh-portable/commits/master", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/paramiko/paramiko/issues/2337", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/proftpd/proftpd/issues/456", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/rapier1/hpn-ssh/releases", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/ronf/asyncssh/tags", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { source: 
"cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://help.panic.com/releasenotes/transmit5/", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=38684904", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=38685286", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: 
"https://news.ycombinator.com/item?id=38732005", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://nova.app/releases/#v11.8", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://oryx-embedded.com/download/#changelog", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://roumenpetrov.info/secsh/#news20231220", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202312-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-48795", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: 
"https://winscp.net/eng/docs/history#6.2.2", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.bitvise.com/ssh-client-version-history#933", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.bitvise.com/ssh-server-version-history", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.netsarang.com/en/xshell-update-history/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.openssh.com/openbsd.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.openssh.com/txt/release-9.6", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Mitigation", ], url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.paramiko.org/changelog.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: 
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://www.terrapin-attack.com", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.vandyke.com/products/securecrt/history.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://bugs.gentoo.org/920280", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://crates.io/crates/thrussh/versions", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://filezilla-project.org/versions.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/mina-sshd/issues/445", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/cyd01/KiTTY/issues/520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/hierynomus/sshj/issues/916", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/janmojzis/tinyssh/issues/81", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", ], url: "https://github.com/libssh2/libssh2/pull/1291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/mwiede/jsch/issues/457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/mwiede/jsch/pull/461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openssh/openssh-portable/commits/master", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/paramiko/paramiko/issues/2337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/proftpd/proftpd/issues/456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/rapier1/hpn-ssh/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/ronf/asyncssh/tags", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue 
Tracking", ], url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://help.panic.com/releasenotes/transmit5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third 
Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=38684904", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=38685286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=38732005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://nova.app/releases/#v11.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://oryx-embedded.com/download/#changelog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://roumenpetrov.info/secsh/#news20231220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202312-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT214084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-48795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://winscp.net/eng/docs/history#6.2.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.bitvise.com/ssh-client-version-history#933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.bitvise.com/ssh-server-version-history", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue 
Tracking", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.netsarang.com/en/xshell-update-history/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.openssh.com/openbsd.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.openssh.com/txt/release-9.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", ], url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.paramiko.org/changelog.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.terrapin-attack.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: 
"https://www.vandyke.com/products/securecrt/history.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-21 20:15
Modified
2024-11-21 08:17
Severity
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.
Given this code is not in any released versions, no security releases have been issued.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-3603 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2221791 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-3603 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2221791 | Issue Tracking, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "B89C71A1-D8CB-4097-9CA4-9FC43574939B", versionEndExcluding: "0.8.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\r\n\r\nGiven this code is not in any released versions, no security releases have been issued.", }, ], id: "CVE-2023-3603", lastModified: "2024-11-21T08:17:38.737", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-21T20:15:16.587", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3603", }, 
{ source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-3603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221791", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-13 17:59
Modified
2025-04-12 10:46
Severity
Summary
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
References
Impacted products
Vendor | Product | Version
---|---|---
redhat | enterprise_linux | 7.0
canonical | ubuntu_linux | 12.04
canonical | ubuntu_linux | 14.04
canonical | ubuntu_linux | 15.10
libssh | libssh | *
fedoraproject | fedora | 22
fedoraproject | fedora | 23
debian | debian_linux | 7.0
debian | debian_linux | 8.0
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "7478A2F8-96FC-4542-9130-3DDA890386BC", versionEndIncluding: "0.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via 
unspecified vectors, aka a \"bits/bytes confusion bug.\"", }, { lang: "es", value: "libssh en versiones anteriores a 0.7.3 trunca de manera incorrecta secretos efímeros generados para los métodos de intercambio de clave (1) diffie-hellman-group1 y (2) diffie-hellman-group14 a 128 bits, lo que hace más fácil a atacantes man-in-the-middle descifrar o interceptar sesiones SSH a través de vectores no especificados, también conocido como \"bits/bytes confusion bug\".", }, ], id: "CVE-2016-0739", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-13T17:59:08.413", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html", }, { source: "secalert@redhat.com", url: 
"http://rhn.redhat.com/errata/RHSA-2016-0566.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/CVE-2016-0739", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-12", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/security/advisories/CVE-2016-0739.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0566.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2912-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/CVE-2016-0739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201606-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://www.libssh.org/security/advisories/CVE-2016-0739.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-30 22:55
Modified
2025-04-11 00:51
Summary
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "5C70E449-A62A-4670-8786-093A915EF07C", versionEndIncluding: "0.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "EA0F1552-63D8-4E97-A44A-EF55E8A330B7", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "6514D889-F87F-44D1-9C7B-5BE75676DCFF", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A80094C5-1273-43AB-9E1E-096D8B0A60BB", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CF67514C-3240-42A4-9996-21E855104C59", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "7BBD0BC3-2467-414E-BD82-2A5778B810F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en libssh antes de v0.5.3 permiten a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de vectores no especificados.", }, ], id: "CVE-2012-4560", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: 
false, }, ], }, published: "2012-11-30T22:55:01.673", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56604", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871614", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1640-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=871614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80219", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-26 18:15
Modified
2024-11-21 07:39
Summary
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libssh | libssh | * |
libssh | libssh | * |
fedoraproject | fedora | 37 |
debian | debian_linux | 10.0 |
redhat | enterprise_linux | 8.0 |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "4ABFA49F-EB6C-45E4-8347-1E0A0FD65908", versionEndIncluding: "0.9.6", versionStartIncluding: "0.9.1", vulnerable: true, }, { criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", matchCriteriaId: "B02C8B4E-0AD2-44B9-B32A-21986D00F9F5", versionEndIncluding: "0.10.4", versionStartIncluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. 
This issue may allow an authenticated client to cause a denial of service.", }, ], id: "CVE-2023-1667", lastModified: "2024-11-21T07:39:39.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-26T18:15:10.740", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/security/advisories/CVE-2023-1667.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-1667", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182199", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202312-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.libssh.org/security/advisories/CVE-2023-1667.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-1667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182199", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-05", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }