Latest libssh Vulnerabilities

Libssh: missing checks for return values for digests
Libssh Libssh>=0.9.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 10 more

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
Openbsd Openssh<9.6
Putty Putty<0.80
and 128 more

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
Libssh Libssh>=0.8.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/libssh<0.9.8
and 9 more

Processing sftp server read may cause null dereference
Libssh Libssh

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may ha...
redhat/libssh<0:0.9.6-10.el8_8
Libssh Libssh>=0.9.1<=0.9.6
Libssh Libssh>=0.10.0<=0.10.4
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0

A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
redhat/libssh<0:0.9.6-10.el8_8
Libssh Libssh>=0.9.1<=0.9.6
Libssh Libssh>=0.10.0<=0.10.4
Fedoraproject Fedora=37
Debian Debian Linux=10.0
Redhat Enterprise Linux=8.0
and 3 more

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other sessi...
Libssh Libssh>=0.9.1<0.9.6
Redhat Virtualization=4.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 6 more

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Libssh Libssh=0.9.4
Debian Debian Linux=9.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 9 more

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fu...
Libssh Libssh>=0.8.0<0.8.9
Libssh Libssh>=0.9.0<0.9.4
Netapp Cloud Backup
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Fedoraproject Fedora=31
and 7 more

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided ...
Libssh Libssh<0.8.8
Libssh Libssh>=0.9.0<0.9.3
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Canonical Ubuntu Linux=19.10
and 5 more

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthor...
debian/libssh<=0.6.3-4+deb8u2<=0.7.3-2<=0.7.3-1
ubuntu/libssh<0.6.3-4.3ubuntu0.1
ubuntu/libssh<0.8.0~20170825.94
ubuntu/libssh<0.8.1-1ubuntu0.1
ubuntu/libssh<0.6.1-0ubuntu3.4
debian/libssh
and 15 more

© 2024 SecAlerts Pty Ltd.