CVE-2021-3634
First published: Fri Jul 02 2021(Updated: )
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libssh Libssh | >=0.9.1<0.9.6 | |
| Redhat Virtualization | =4.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Oracle Mysql Workbench | <=8.0.27 | |
| Netapp Cloud Backup | ||
| redhat/libssh | <0.9.6 | 0.9.6 |
| debian/libssh | 0.8.7-1+deb10u1 0.8.7-1+deb10u2 0.9.7-0+deb11u1 0.9.8-0+deb11u1 0.10.5-2 0.10.6-0+deb12u1 0.10.6-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2021-3634
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3634
- https://www.libssh.org/security/advisories/CVE-2021-3634.txt
- https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063
- https://salsa.debian.org/debian/libssh/-/commits/bullseye-security
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993046
- https://bugzilla.redhat.com/show_bug.cgi?id=1978810
- https://www.debian.org/security/2021/dsa-4965
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://security.netapp.com/advisory/ntap-20211004-0003/
- https://security.gentoo.org/glsa/202312-05
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998139
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998135
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998140
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998136
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998137
- https://access.redhat.com/errata/RHSA-2022:2031
- https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
Frequently Asked Questions
What is CVE-2021-3634?
CVE-2021-3634 is a vulnerability found in libssh in versions prior to 0.9.6.
What is the severity of CVE-2021-3634?
CVE-2021-3634 has a severity level of 6.5 (high).
Is libssh version 0.9.6 affected by CVE-2021-3634?
No, libssh version 0.9.6 is not affected by CVE-2021-3634.
How can I fix CVE-2021-3634 in libssh?
To fix CVE-2021-3634 in libssh, you should upgrade to version 0.9.6 or later.
Where can I find more information about CVE-2021-3634?
You can find more information about CVE-2021-3634 in the following references: [Link 1](https://bugzilla.redhat.com/show_bug.cgi?id=1978810), [Link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/)
- collector/debian-bugs
- alias/CVE-2021-3634
- collector/nvd-index
- collector/nvd-api
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/libssh
- canonical/libssh libssh
- version/libssh libssh/0.9.1
- vendor/redhat
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/oracle
- canonical/oracle mysql workbench
- version/oracle mysql workbench/8.0.27
- vendor/netapp
- canonical/netapp cloud backup
- package-manager/debian
- package-manager/redhat