Lucene search
K

13 matches found

OSV
OSV
added 2026/06/17 8:17 p.m.35 views

DEBIAN-CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

7.5CVSS5.3AI score0.00408EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:44 p.m.11 views

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/17 6:44 p.m.10 views

EUVD-2026-37782

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
OSV
OSV
added 2026/06/07 5:10 a.m.13 views

MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...

5.9CVSS6.9AI score0.9378EPSS
Exploits4References5
OSV
OSV
added 2024/12/12 6:58 a.m.4 views

USN-7108-2 python-asyncssh vulnerabilities

USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References3
OSV
OSV
added 2023/11/14 3:15 a.m.31 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS5.5AI score
Exploits0References8
OSV
OSV
added 2023/11/14 3:15 a.m.3 views

PYSEC-2023-237

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack...

5.9CVSS5.9AI score0.00586EPSS
Exploits0References1
OSV
OSV
added 2023/11/14 3:15 a.m.3 views

UBUNTU-CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS5.8AI score0.00586EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/11/14 3:15 a.m.43 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS6.2AI score0.00586EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/14 12:0 a.m.39 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.8AI score0.00586EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/11/09 6:34 p.m.38 views

AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

5.9CVSS7.2AI score0.00586EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2023/11/09 6:34 p.m.4 views

GHSA-CFC2-WR2V-GXM5 AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

5.3CVSS6.1AI score0.00586EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.4 views

PT-2023-9800 · Asyncssh +3 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions prior to 2.14.1 Description: The issue in AsyncSSH allows attackers to control the extension info message via a man-in-the-middle attack, enabling them to conduct algorithm downgrade attacks during user authentication. This...

6.8CVSS6.5AI score0.9378EPSS
Exploits4References50
Rows per page
Query Builder