11 matches found
USN-8051-2 libssh vulnerabilities
USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...
PT-2026-20979
Name of the Vulnerable Software and Affected Versions libssh versions prior to 0.11.4-1.1 Description A denial of service condition can occur due to a malformed SFTP message. Recommendations Update to version 0.11.4-1.1 or later...
EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2025-2610)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX...
EulerOS 2.0 SP12 : libssh (EulerOS-SA-2025-2363)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2025-2392)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash...
CVE-2013-10065
CVE-2013-10065 affects Sysax Multi-Server 6.10 SSHD. A specially crafted SSH key exchange packet can crash the service, causing denial of service. The flaw is triggered by malformed key exchange data, including a non‑standard byte (0x28) replacing the SSH protocol delimiter. Multiple sources (NVD...
CVE-2025-8114
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...
PT-2025-30668
Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh, a library implementing the SSH protocol. During the key exchange KEX process, an allocation failure within cryptographic functions can result in a NULL pointer...
CVE-2022-42306
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...
MGASA-2020-0003 Updated putty packages fix security vulnerabilities
Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...
qpid: crash when redeclaring the exchange with specified alternate_exchange
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...