AZL-68228 CVE-2025-61985 affecting package openssh for versions less than 9.8p1-5

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

PT-2024-4669

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 8.7 and 8.8 Description: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit TRU has discovered a Remote Unauthenticated Code Execution RCE vulnerability in OpenSSH’s server sshd in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSHs server...

PT-2023-8128

Name of the Vulnerable Software and Affected Versions OpenSSH versions 9.6 and earlier Description The issue is related to a potential row hammer attack that could allow authentication bypass. This is applicable to a certain threat model of attacker-victim co-location in which the attacker has us...

PT-2020-6184

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.7 through 8.4 Description The client side in OpenSSH has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts...

OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability

OpenSSH sshd with ChallengeResponseAuthentication enabled is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2002-0640

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication PAMAuthenticationViaKbdInt...

CVE-2002-0639

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication ChallengeResponseAuthentication when OpenSSH is using SKEY or BSDAUTH authentication...

Revised OpenSSH Security Advisory (adv.iss)

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the...