Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-8090-1
Vulnerability from osv_ubuntu
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-61984",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-61985",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3497",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.4p1-6ubuntu2",
"1:8.7p1-2",
"1:8.7p1-2build1",
"1:8.7p1-4",
"1:8.8p1-1",
"1:8.9p1-3",
"1:8.9p1-3ubuntu0.1",
"1:8.9p1-3ubuntu0.3",
"1:8.9p1-3ubuntu0.4",
"1:8.9p1-3ubuntu0.5",
"1:8.9p1-3ubuntu0.6",
"1:8.9p1-3ubuntu0.7",
"1:8.9p1-3ubuntu0.10",
"1:8.9p1-3ubuntu0.11",
"1:8.9p1-3ubuntu0.13"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-61984",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-61985",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3497",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.3p1-1ubuntu3",
"1:9.4p1-1ubuntu1",
"1:9.6p1-3ubuntu1",
"1:9.6p1-3ubuntu2",
"1:9.6p1-3ubuntu11",
"1:9.6p1-3ubuntu12",
"1:9.6p1-3ubuntu13",
"1:9.6p1-3ubuntu13.3",
"1:9.6p1-3ubuntu13.4",
"1:9.6p1-3ubuntu13.5",
"1:9.6p1-3ubuntu13.7",
"1:9.6p1-3ubuntu13.8",
"1:9.6p1-3ubuntu13.9",
"1:9.6p1-3ubuntu13.11",
"1:9.6p1-3ubuntu13.12",
"1:9.6p1-3ubuntu13.13",
"1:9.6p1-3ubuntu13.14"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-61984",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-61985",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-3497",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.0p1-5ubuntu5.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.0p1-5ubuntu5.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.0p1-5ubuntu5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.9p1-3ubuntu3",
"1:9.9p1-3ubuntu3.1",
"1:10.0p1-5ubuntu2",
"1:10.0p1-5ubuntu3",
"1:10.0p1-5ubuntu4",
"1:10.0p1-5ubuntu5"
]
}
],
"aliases": [],
"details": "Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly\nhandled disconnecting clients. In non-default configurations where the\nGSSAPIKeyExchange setting is enabled, a remote attacker could use this\nissue to cause OpenSSH to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2026-3497)\n\nDavid Leadbeater discovered that OpenSSH incorrectly handled certain\ncontrol characters in usernames. When untrusted usernames and the\nProxyCommand are being used, an attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2025-61984)\n\nDavid Leadbeater discovered that OpenSSH incorrectly handled NULL\ncharacters in ssh:// URIs. When the ProxyCommand is being used, an attacker\ncould possibly use this issue to execute arbitrary code. (CVE-2025-61985)",
"id": "USN-8090-1",
"modified": "2026-06-30T15:54:51Z",
"published": "2026-03-12T18:16:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-61984"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-61985"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3497"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openssh vulnerabilities",
"upstream": [
"UBUNTU-CVE-2025-61984",
"UBUNTU-CVE-2025-61985",
"UBUNTU-CVE-2026-3497"
]
}
ubuntu-cve-2025-61984
Vulnerability from osv_ubuntu
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
},
{
"binary_name": "openssh-server",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
},
{
"binary_name": "ssh",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:6.6p1-2ubuntu2.13+esm2"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:6.6p1-2ubuntu2.13+esm2?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:6.2p2-6",
"1:6.2p2-6ubuntu1",
"1:6.4p1-1",
"1:6.4p1-2",
"1:6.5p1-1",
"1:6.5p1-2",
"1:6.5p1-3",
"1:6.5p1-4",
"1:6.5p1-6",
"1:6.6p1-1",
"1:6.6p1-2",
"1:6.6p1-2ubuntu1",
"1:6.6p1-2ubuntu2",
"1:6.6p1-2ubuntu2.2",
"1:6.6p1-2ubuntu2.3",
"1:6.6p1-2ubuntu2.4",
"1:6.6p1-2ubuntu2.6",
"1:6.6p1-2ubuntu2.7",
"1:6.6p1-2ubuntu2.8",
"1:6.6p1-2ubuntu2.10",
"1:6.6p1-2ubuntu2.11",
"1:6.6p1-2ubuntu2.12",
"1:6.6p1-2ubuntu2.13",
"1:6.6p1-2ubuntu2.13+esm1",
"1:6.6p1-2ubuntu2.13+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.10+esm8"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.10+esm8?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:6.9p1-2",
"1:6.9p1-3",
"1:7.1p1-1",
"1:7.1p1-3",
"1:7.1p1-4",
"1:7.1p1-6",
"1:7.1p2-1",
"1:7.1p2-2",
"1:7.2p1-1",
"1:7.2p2-1",
"1:7.2p2-2",
"1:7.2p2-3",
"1:7.2p2-4",
"1:7.2p2-4ubuntu1",
"1:7.2p2-4ubuntu2.1",
"1:7.2p2-4ubuntu2.2",
"1:7.2p2-4ubuntu2.4",
"1:7.2p2-4ubuntu2.5",
"1:7.2p2-4ubuntu2.6",
"1:7.2p2-4ubuntu2.7",
"1:7.2p2-4ubuntu2.8",
"1:7.2p2-4ubuntu2.10",
"1:7.2p2-4ubuntu2.10+esm1",
"1:7.2p2-4ubuntu2.10+esm2",
"1:7.2p2-4ubuntu2.10+esm3",
"1:7.2p2-4ubuntu2.10+esm4",
"1:7.2p2-4ubuntu2.10+esm5",
"1:7.2p2-4ubuntu2.10+esm6",
"1:7.2p2-4ubuntu2.10+esm7",
"1:7.2p2-4ubuntu2.10+esm8"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.7?arch=source\u0026distro=fips-updates/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2.3",
"1:7.2p2-4ubuntu2.fips.2.4.1",
"1:7.2p2-4ubuntu2.fips.2.4.2",
"1:7.2p2-4ubuntu2.fips.2.8.1",
"1:7.2p2-4ubuntu2.fips.2.10.1",
"1:7.2p2-4ubuntu2.fips.2.10.2",
"1:7.2p2-4ubuntu2.fips.2.10.3",
"1:7.2p2-4ubuntu2.fips.2.10.4",
"1:7.2p2-4ubuntu2.fips.2.10.5",
"1:7.2p2-4ubuntu2.fips.2.10.6",
"1:7.2p2-4ubuntu2.fips.2.10.7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.1?arch=source\u0026distro=fips/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2",
"1:7.2p2-4ubuntu2.fips.2.2.1",
"1:7.2p2-4ubuntu2.fips.2.10.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.6p1-4ubuntu0.7+esm4"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.6p1-4ubuntu0.7+esm4"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.6p1-4ubuntu0.7+esm4"
},
{
"binary_name": "ssh",
"binary_version": "1:7.6p1-4ubuntu0.7+esm4"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.6p1-4ubuntu0.7+esm4"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.6p1-4ubuntu0.7+esm4?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-10",
"1:7.6p1-4",
"1:7.6p1-4ubuntu0.1",
"1:7.6p1-4ubuntu0.2",
"1:7.6p1-4ubuntu0.3",
"1:7.6p1-4ubuntu0.5",
"1:7.6p1-4ubuntu0.6",
"1:7.6p1-4ubuntu0.7",
"1:7.6p1-4ubuntu0.7+esm1",
"1:7.6p1-4ubuntu0.7+esm2",
"1:7.6p1-4ubuntu0.7+esm3",
"1:7.6p1-4ubuntu0.7+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-10"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-8",
"1:7.5p1-9",
"1:7.5p1-9build1",
"1:7.5p1-10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.10?arch=source\u0026distro=fips-updates/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2",
"1:7.9p1-10~ubuntu18.04.fips.0.3",
"1:7.9p1-10~ubuntu18.04.fips.0.4",
"1:7.9p1-10~ubuntu18.04.fips.0.5",
"1:7.9p1-10~ubuntu18.04.fips.0.6",
"1:7.9p1-10~ubuntu18.04.fips.0.7",
"1:7.9p1-10~ubuntu18.04.fips.0.8",
"1:7.9p1-10~ubuntu18.04.fips.0.9",
"1:7.9p1-10~ubuntu18.04.fips.0.10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.2?arch=source\u0026distro=fips/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.13+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.13+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0p1-6build1",
"1:8.1p1-1",
"1:8.1p1-5",
"1:8.2p1-4",
"1:8.2p1-4ubuntu0.1",
"1:8.2p1-4ubuntu0.2",
"1:8.2p1-4ubuntu0.3",
"1:8.2p1-4ubuntu0.4",
"1:8.2p1-4ubuntu0.5",
"1:8.2p1-4ubuntu0.7",
"1:8.2p1-4ubuntu0.8",
"1:8.2p1-4ubuntu0.9",
"1:8.2p1-4ubuntu0.10",
"1:8.2p1-4ubuntu0.11",
"1:8.2p1-4ubuntu0.12",
"1:8.2p1-4ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-11build1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-11build1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-11build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.13.1?arch=source\u0026distro=fips-updates/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1",
"1:8.2p1-4ubuntu0.fips.0.4.0",
"1:8.2p1-4ubuntu0.fips.0.5.0",
"1:8.2p1-4ubuntu0.fips.0.7",
"1:8.2p1-4ubuntu0.fips.0.8",
"1:8.2p1-4ubuntu0.fips.0.9",
"1:8.2p1-4ubuntu0.fips.0.10",
"1:8.2p1-4ubuntu0.fips.0.11",
"1:8.2p1-4ubuntu0.fips.0.12",
"1:8.2p1-4ubuntu0.fips.0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.2.1?arch=source\u0026distro=fips/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.4p1-6ubuntu2",
"1:8.7p1-2",
"1:8.7p1-2build1",
"1:8.7p1-4",
"1:8.8p1-1",
"1:8.9p1-3",
"1:8.9p1-3ubuntu0.1",
"1:8.9p1-3ubuntu0.3",
"1:8.9p1-3ubuntu0.4",
"1:8.9p1-3ubuntu0.5",
"1:8.9p1-3ubuntu0.6",
"1:8.9p1-3ubuntu0.7",
"1:8.9p1-3ubuntu0.10",
"1:8.9p1-3ubuntu0.11",
"1:8.9p1-3ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-13"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-13?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-12",
"1:7.5p1-12build1",
"1:7.5p1-13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu1.fips.0~ppa3?arch=source\u0026distro=fips-preview/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu1.fips.0~ppa3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14+Fips1?arch=source\u0026distro=fips-updates/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu0.6+Fips1",
"1:8.9p1-3ubuntu0.7+Fips1",
"1:8.9p1-3ubuntu0.10+Fips1",
"1:8.9p1-3ubuntu0.11+Fips1",
"1:8.9p1-3ubuntu0.13+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.3p1-1ubuntu3",
"1:9.4p1-1ubuntu1",
"1:9.6p1-3ubuntu1",
"1:9.6p1-3ubuntu2",
"1:9.6p1-3ubuntu11",
"1:9.6p1-3ubuntu12",
"1:9.6p1-3ubuntu13",
"1:9.6p1-3ubuntu13.3",
"1:9.6p1-3ubuntu13.4",
"1:9.6p1-3ubuntu13.5",
"1:9.6p1-3ubuntu13.7",
"1:9.6p1-3ubuntu13.8",
"1:9.6p1-3ubuntu13.9",
"1:9.6p1-3ubuntu13.11",
"1:9.6p1-3ubuntu13.12",
"1:9.6p1-3ubuntu13.13",
"1:9.6p1-3ubuntu13.14"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-16"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-16?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-14",
"1:7.5p1-15",
"1:7.5p1-15build1",
"1:7.5p1-16"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15+Fips1?arch=source\u0026distro=fips-updates/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.6p1-3ubuntu13.7+Fips1",
"1:9.6p1-3ubuntu13.12+Fips1",
"1:9.6p1-3ubuntu13.13+Fips1",
"1:9.6p1-3ubuntu13.14+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.0p1-5ubuntu5.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.0p1-5ubuntu5.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.0p1-5ubuntu5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.9p1-3ubuntu3",
"1:9.9p1-3ubuntu3.1",
"1:10.0p1-5ubuntu2",
"1:10.0p1-5ubuntu3",
"1:10.0p1-5ubuntu4",
"1:10.0p1-5ubuntu5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-17"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-17?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.2p1-2ubuntu1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.2p1-2ubuntu1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.2p1-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.0p1-5ubuntu5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-18"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-18?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17",
"1:7.5p1-18"
]
}
],
"aliases": [],
"details": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
"id": "UBUNTU-CVE-2025-61984",
"modified": "2026-07-06T18:35:58Z",
"published": "2025-10-06T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-61984"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
},
{
"type": "REPORT",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"type": "REPORT",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-2"
}
],
"related": [
"USN-8090-1",
"USN-8090-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-61984"
]
}
ubuntu-cve-2025-61985
Vulnerability from osv_ubuntu
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.7?arch=source\u0026distro=fips-updates/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2.3",
"1:7.2p2-4ubuntu2.fips.2.4.1",
"1:7.2p2-4ubuntu2.fips.2.4.2",
"1:7.2p2-4ubuntu2.fips.2.8.1",
"1:7.2p2-4ubuntu2.fips.2.10.1",
"1:7.2p2-4ubuntu2.fips.2.10.2",
"1:7.2p2-4ubuntu2.fips.2.10.3",
"1:7.2p2-4ubuntu2.fips.2.10.4",
"1:7.2p2-4ubuntu2.fips.2.10.5",
"1:7.2p2-4ubuntu2.fips.2.10.6",
"1:7.2p2-4ubuntu2.fips.2.10.7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.1?arch=source\u0026distro=fips/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2",
"1:7.2p2-4ubuntu2.fips.2.2.1",
"1:7.2p2-4ubuntu2.fips.2.10.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-10"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-8",
"1:7.5p1-9",
"1:7.5p1-9build1",
"1:7.5p1-10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.10?arch=source\u0026distro=fips-updates/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2",
"1:7.9p1-10~ubuntu18.04.fips.0.3",
"1:7.9p1-10~ubuntu18.04.fips.0.4",
"1:7.9p1-10~ubuntu18.04.fips.0.5",
"1:7.9p1-10~ubuntu18.04.fips.0.6",
"1:7.9p1-10~ubuntu18.04.fips.0.7",
"1:7.9p1-10~ubuntu18.04.fips.0.8",
"1:7.9p1-10~ubuntu18.04.fips.0.9",
"1:7.9p1-10~ubuntu18.04.fips.0.10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.2?arch=source\u0026distro=fips/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.13+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.13+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0p1-6build1",
"1:8.1p1-1",
"1:8.1p1-5",
"1:8.2p1-4",
"1:8.2p1-4ubuntu0.1",
"1:8.2p1-4ubuntu0.2",
"1:8.2p1-4ubuntu0.3",
"1:8.2p1-4ubuntu0.4",
"1:8.2p1-4ubuntu0.5",
"1:8.2p1-4ubuntu0.7",
"1:8.2p1-4ubuntu0.8",
"1:8.2p1-4ubuntu0.9",
"1:8.2p1-4ubuntu0.10",
"1:8.2p1-4ubuntu0.11",
"1:8.2p1-4ubuntu0.12",
"1:8.2p1-4ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-11build1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-11build1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-11build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.13.1?arch=source\u0026distro=fips-updates/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1",
"1:8.2p1-4ubuntu0.fips.0.4.0",
"1:8.2p1-4ubuntu0.fips.0.5.0",
"1:8.2p1-4ubuntu0.fips.0.7",
"1:8.2p1-4ubuntu0.fips.0.8",
"1:8.2p1-4ubuntu0.fips.0.9",
"1:8.2p1-4ubuntu0.fips.0.10",
"1:8.2p1-4ubuntu0.fips.0.11",
"1:8.2p1-4ubuntu0.fips.0.12",
"1:8.2p1-4ubuntu0.fips.0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.2.1?arch=source\u0026distro=fips/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.4p1-6ubuntu2",
"1:8.7p1-2",
"1:8.7p1-2build1",
"1:8.7p1-4",
"1:8.8p1-1",
"1:8.9p1-3",
"1:8.9p1-3ubuntu0.1",
"1:8.9p1-3ubuntu0.3",
"1:8.9p1-3ubuntu0.4",
"1:8.9p1-3ubuntu0.5",
"1:8.9p1-3ubuntu0.6",
"1:8.9p1-3ubuntu0.7",
"1:8.9p1-3ubuntu0.10",
"1:8.9p1-3ubuntu0.11",
"1:8.9p1-3ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-13"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-13?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-12",
"1:7.5p1-12build1",
"1:7.5p1-13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu1.fips.0~ppa3?arch=source\u0026distro=fips-preview/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu1.fips.0~ppa3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14+Fips1?arch=source\u0026distro=fips-updates/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu0.6+Fips1",
"1:8.9p1-3ubuntu0.7+Fips1",
"1:8.9p1-3ubuntu0.10+Fips1",
"1:8.9p1-3ubuntu0.11+Fips1",
"1:8.9p1-3ubuntu0.13+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.3p1-1ubuntu3",
"1:9.4p1-1ubuntu1",
"1:9.6p1-3ubuntu1",
"1:9.6p1-3ubuntu2",
"1:9.6p1-3ubuntu11",
"1:9.6p1-3ubuntu12",
"1:9.6p1-3ubuntu13",
"1:9.6p1-3ubuntu13.3",
"1:9.6p1-3ubuntu13.4",
"1:9.6p1-3ubuntu13.5",
"1:9.6p1-3ubuntu13.7",
"1:9.6p1-3ubuntu13.8",
"1:9.6p1-3ubuntu13.9",
"1:9.6p1-3ubuntu13.11",
"1:9.6p1-3ubuntu13.12",
"1:9.6p1-3ubuntu13.13",
"1:9.6p1-3ubuntu13.14"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-16"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-16?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-14",
"1:7.5p1-15",
"1:7.5p1-15build1",
"1:7.5p1-16"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15+Fips1?arch=source\u0026distro=fips-updates/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.6p1-3ubuntu13.7+Fips1",
"1:9.6p1-3ubuntu13.12+Fips1",
"1:9.6p1-3ubuntu13.13+Fips1",
"1:9.6p1-3ubuntu13.14+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.0p1-5ubuntu5.1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.0p1-5ubuntu5.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.0p1-5ubuntu5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.9p1-3ubuntu3",
"1:9.9p1-3ubuntu3.1",
"1:10.0p1-5ubuntu2",
"1:10.0p1-5ubuntu3",
"1:10.0p1-5ubuntu4",
"1:10.0p1-5ubuntu5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-17"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-17?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.2p1-2ubuntu1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.2p1-2ubuntu1"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.2p1-2ubuntu1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.2p1-2ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:10.0p1-5ubuntu5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-18"
}
],
"priority_reason": "This issue is considered minor by OpenSSH developers"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-18?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17",
"1:7.5p1-18"
]
}
],
"aliases": [],
"details": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
"id": "UBUNTU-CVE-2025-61985",
"modified": "2026-05-20T15:22:57Z",
"published": "2025-10-06T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-61985"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
},
{
"type": "REPORT",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"type": "REPORT",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-2"
}
],
"related": [
"USN-8090-1",
"USN-8090-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-61985"
]
}
ubuntu-cve-2026-3497
Vulnerability from osv_ubuntu
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.7?arch=source\u0026distro=fips-updates/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2.3",
"1:7.2p2-4ubuntu2.fips.2.4.1",
"1:7.2p2-4ubuntu2.fips.2.4.2",
"1:7.2p2-4ubuntu2.fips.2.8.1",
"1:7.2p2-4ubuntu2.fips.2.10.1",
"1:7.2p2-4ubuntu2.fips.2.10.2",
"1:7.2p2-4ubuntu2.fips.2.10.3",
"1:7.2p2-4ubuntu2.fips.2.10.4",
"1:7.2p2-4ubuntu2.fips.2.10.5",
"1:7.2p2-4ubuntu2.fips.2.10.6",
"1:7.2p2-4ubuntu2.fips.2.10.7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
},
{
"binary_name": "ssh-krb5",
"binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:16.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.2p2-4ubuntu2.fips.2.10.1?arch=source\u0026distro=fips/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.2p2-4ubuntu2.fips.2.2",
"1:7.2p2-4ubuntu2.fips.2.2.1",
"1:7.2p2-4ubuntu2.fips.2.10.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-8",
"1:7.5p1-9",
"1:7.5p1-9build1",
"1:7.5p1-10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.10?arch=source\u0026distro=fips-updates/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2",
"1:7.9p1-10~ubuntu18.04.fips.0.3",
"1:7.9p1-10~ubuntu18.04.fips.0.4",
"1:7.9p1-10~ubuntu18.04.fips.0.5",
"1:7.9p1-10~ubuntu18.04.fips.0.6",
"1:7.9p1-10~ubuntu18.04.fips.0.7",
"1:7.9p1-10~ubuntu18.04.fips.0.8",
"1:7.9p1-10~ubuntu18.04.fips.0.9",
"1:7.9p1-10~ubuntu18.04.fips.0.10"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-client-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-server-hmac",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:18.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:7.9p1-10~ubuntu18.04.fips.0.2?arch=source\u0026distro=fips/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.9p1-10~ubuntu18.04.fips.0.1",
"1:7.9p1-10~ubuntu18.04.fips.0.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.13+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.13+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.13+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.0p1-6build1",
"1:8.1p1-1",
"1:8.1p1-5",
"1:8.2p1-4",
"1:8.2p1-4ubuntu0.1",
"1:8.2p1-4ubuntu0.2",
"1:8.2p1-4ubuntu0.3",
"1:8.2p1-4ubuntu0.4",
"1:8.2p1-4ubuntu0.5",
"1:8.2p1-4ubuntu0.7",
"1:8.2p1-4ubuntu0.8",
"1:8.2p1-4ubuntu0.9",
"1:8.2p1-4ubuntu0.10",
"1:8.2p1-4ubuntu0.11",
"1:8.2p1-4ubuntu0.12",
"1:8.2p1-4ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-11build1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-11build1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-11build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.13.1?arch=source\u0026distro=fips-updates/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.2p1-4ubuntu0.fips.0.13.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1",
"1:8.2p1-4ubuntu0.fips.0.4.0",
"1:8.2p1-4ubuntu0.fips.0.5.0",
"1:8.2p1-4ubuntu0.fips.0.7",
"1:8.2p1-4ubuntu0.fips.0.8",
"1:8.2p1-4ubuntu0.fips.0.9",
"1:8.2p1-4ubuntu0.fips.0.10",
"1:8.2p1-4ubuntu0.fips.0.11",
"1:8.2p1-4ubuntu0.fips.0.12",
"1:8.2p1-4ubuntu0.fips.0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS:20.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.2p1-4ubuntu0.fips.0.2.1?arch=source\u0026distro=fips/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.2p1-4ubuntu0.fips.0.2.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.4p1-6ubuntu2",
"1:8.7p1-2",
"1:8.7p1-2build1",
"1:8.7p1-4",
"1:8.8p1-1",
"1:8.9p1-3",
"1:8.9p1-3ubuntu0.1",
"1:8.9p1-3ubuntu0.3",
"1:8.9p1-3ubuntu0.4",
"1:8.9p1-3ubuntu0.5",
"1:8.9p1-3ubuntu0.6",
"1:8.9p1-3ubuntu0.7",
"1:8.9p1-3ubuntu0.10",
"1:8.9p1-3ubuntu0.11",
"1:8.9p1-3ubuntu0.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-13"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-13?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-12",
"1:7.5p1-12build1",
"1:7.5p1-13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-preview:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu1.fips.0~ppa3?arch=source\u0026distro=fips-preview/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu1.fips.0~ppa3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:8.9p1-3ubuntu0.14+Fips1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:22.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:8.9p1-3ubuntu0.14+Fips1?arch=source\u0026distro=fips-updates/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.9p1-3ubuntu0.14+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:8.9p1-3ubuntu0.4+Fips1",
"1:8.9p1-3ubuntu0.4+Fips3",
"1:8.9p1-3ubuntu0.6+Fips1",
"1:8.9p1-3ubuntu0.7+Fips1",
"1:8.9p1-3ubuntu0.10+Fips1",
"1:8.9p1-3ubuntu0.11+Fips1",
"1:8.9p1-3ubuntu0.13+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.3p1-1ubuntu3",
"1:9.4p1-1ubuntu1",
"1:9.6p1-3ubuntu1",
"1:9.6p1-3ubuntu2",
"1:9.6p1-3ubuntu11",
"1:9.6p1-3ubuntu12",
"1:9.6p1-3ubuntu13",
"1:9.6p1-3ubuntu13.3",
"1:9.6p1-3ubuntu13.4",
"1:9.6p1-3ubuntu13.5",
"1:9.6p1-3ubuntu13.7",
"1:9.6p1-3ubuntu13.8",
"1:9.6p1-3ubuntu13.9",
"1:9.6p1-3ubuntu13.11",
"1:9.6p1-3ubuntu13.12",
"1:9.6p1-3ubuntu13.13",
"1:9.6p1-3ubuntu13.14"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-16"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-16?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-14",
"1:7.5p1-15",
"1:7.5p1-15build1",
"1:7.5p1-16"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:9.6p1-3ubuntu13.15+Fips1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:FIPS-updates:24.04:LTS",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:9.6p1-3ubuntu13.15+Fips1?arch=source\u0026distro=fips-updates/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.6p1-3ubuntu13.15+Fips1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.6p1-3ubuntu13.7+Fips1",
"1:9.6p1-3ubuntu13.12+Fips1",
"1:9.6p1-3ubuntu13.13+Fips1",
"1:9.6p1-3ubuntu13.14+Fips1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openssh-client",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-client-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-server-gssapi",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-sftp-server",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "openssh-tests",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh",
"binary_version": "1:10.0p1-5ubuntu5.1"
},
{
"binary_name": "ssh-askpass-gnome",
"binary_version": "1:10.0p1-5ubuntu5.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh",
"purl": "pkg:deb/ubuntu/openssh@1:10.0p1-5ubuntu5.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.0p1-5ubuntu5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:9.9p1-3ubuntu3",
"1:9.9p1-3ubuntu3.1",
"1:10.0p1-5ubuntu2",
"1:10.0p1-5ubuntu3",
"1:10.0p1-5ubuntu4",
"1:10.0p1-5ubuntu5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-17"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-17?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "openssh-client-ssh1",
"binary_version": "1:7.5p1-18"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "openssh-ssh1",
"purl": "pkg:deb/ubuntu/openssh-ssh1@1:7.5p1-18?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:7.5p1-17",
"1:7.5p1-18"
]
}
],
"aliases": [],
"details": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.",
"id": "UBUNTU-CVE-2026-3497",
"modified": "2026-06-30T16:18:34Z",
"published": "2026-03-12T18:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-3497"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8090-2"
}
],
"related": [
"USN-8090-1",
"USN-8090-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-3497"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.