Lucene search

K
gentooGentoo FoundationGLSA-202312-16
HistoryDec 28, 2023 - 12:00 a.m.

libssh: Multiple Vulnerabilities

2023-12-2800:00:00
Gentoo Foundation
security.gentoo.org
17
libssh
sshv2
protocol
vulnerabilities
cve
upgrade

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

Background

libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.

Description

Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All libssh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/libssh< 0.10.6UNKNOWN

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%