GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

SUSE CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

CVE-2026-39834

CVE-2026-39834 concerns a flaw in golang.org/x/crypto/ssh where writing data larger than 4GB in a single Write on an SSH channel triggers an integer overflow in the internal payload size calculation. The overflow causes the write loop to spin indefinitely, sending empty packets and making no prog...

PT-2026-42713

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow occurs during the internal payload size calculation when writing data exceeding 4GB in a single Write call on an SSH channel. This leads to a...

MGASA-2026-0066 Updated trilead-ssh2 packages fix security vulnerabilities

CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...

Updated trilead-ssh2 packages fix security vulnerabilities

CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2019-3857)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects t...

TencentOS Server 3: libssh (TSSA-2024:0056)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0056 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

SUSE-SU-2024:0974-1 Security update for jsch-agent-proxy

This update for jsch-agent-proxy fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack bsc1218198...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

SUSE-SU-2024:0210-1 Security update for erlang

This update for erlang fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack bsc1218192...

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

SUSE-SU-2024:0006-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity Terrapin Attack bsc1218127...

SUSE-SU-2023:4904-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...

SUSE-SU-2023:4903-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...

CVE-2023-48795

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...