
827 matches found

Ubuntu
added 2024/01/15 6:31 p.m. · 79 views

USN-6585-1: libssh2 vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

5.9 CVSS · 7 AI score · 0.93305 EPSS
Exploits 4
Tenable Nessus
added 2024/01/15 12:0 a.m. · 34 views

Ubuntu 23.10 : libssh2 vulnerability (USN-6585-1)

The remote Ubuntu 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6585-1 advisory. Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept...

5.9 CVSS · 7 AI score · 0.93305 EPSS
Exploits 4 · References 2
F5 Networks
added 2024/01/13 12:6 a.m. · 32 views

K000138219: libssh2 vulnerability CVE-2020-22218

Security Advisory Description: An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. CVE-2020-22218. Impact: An attacker may be able to cause disclosure of information from process memory. Security Advisory Status: F5 Product Developme...

7.5 CVSS · 7 AI score · 0.00914 EPSS
Exploits 0 · Affected Software 15
Tenable Nessus
added 2024/01/12 12:0 a.m. · 64 views

F5 Networks BIG-IP : libssh2 vulnerability (K000138219)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000138219 advisory. An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds...

7.5 CVSS · 7.1 AI score · 0.00914 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/01/11 12:0 a.m. · 210 views

Ubuntu 16.04 ESM / 18.04 ESM : OpenSSH vulnerabilities (USN-6560-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-2 advisory. USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

6.5 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 11 · References 3
Photon
added 2024/01/10 12:0 a.m. · 35 views

Important Photon OS Security Update - PHSA-2024-5.0-0188

Updates of 'erlang', 'openssh', 'sqlite', 'libssh2' packages of Photon OS have been released...

7.3 CVSS · 6.6 AI score · 0.93305 EPSS
Exploits 5
Tenable Nessus
added 2024/01/10 12:0 a.m. · 36 views

Fedora 38 : putty (2024-71c2c6526c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-71c2c6526c advisory. Security fix for CVE-2023-48795. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 2
OpenVAS
added 2024/01/09 12:0 a.m. · 19 views

Mageia: Security Advisory (MGASA-2024-0002)

The remote host is missing an update for the...

5.9 CVSS · 6.6 AI score · 0.93305 EPSS
Exploits 4 · References 4
Mageia
added 2024/01/08 10:12 a.m. · 106 views

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.1 AI score · 0.93305 EPSS
Exploits 4 · References 2
OSV
added 2024/01/08 10:12 a.m. · 11 views

MGASA-2024-0002 Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.8 AI score · 0.93305 EPSS
Exploits 4 · References 3
Tenable Nessus
added 2023/12/27 12:0 a.m. · 46 views

GLSA-202312-16 : libssh: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...

5.9 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 4 · References 5
OSV
added 2023/12/22 11:6 a.m. · 2 views

OESA-2023-1957 libgit2 security update

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: libgit2 is a cross-platform, linkable library...

5.9 CVSS · 7 AI score · 0.0058 EPSS
Exploits 0 · References 2
OSV
added 2023/12/22 12:10 a.m. · 8 views

OSV-2023-1343 Heap-buffer-overflow in _libssh2_kex_agree_instr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65212 Crash type: Heap-buffer-overflow READ. Crash state: _libssh2_kex_agree_instr, _libssh2_packet_add, fullpacket...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/12/22 12:0 a.m. · 2 views

PT-2023-35661 · Libssh2 · Libssh2

Name of the Vulnerable Software and Affected Versions: libssh2 (affected versions not specified). Description: The issue is related to a heap buffer overflow read. Technical details about the crash include the _libssh2_kex_agree_instr and _libssh2_packet_add functions, as well as the fullpacket state...

7.4 AI score
Exploits 0 · References 2
Tenable Nessus
added 2023/12/22 12:0 a.m. · 78 views

CentOS 7 : libssh2 (RHSA-2023:5615)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5615 advisory. - An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. CVE-2020-22218 Note that Nessus has no...

7.5 CVSS · 7 AI score · 0.00914 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/12/20 12:0 a.m. · 38 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current proftpd Vulnerability (SSA:2023-354-01)

The version of proftpd installed on the remote host is prior to 1.3.8b. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-354-01 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2023/12/20 12:0 a.m. · 65 views

FreeBSD : putty -- add protocol extension against 'Terrapin attack' (91955195-9ebb-11ee-bc14-a703705db3a6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91955195-9ebb-11ee-bc14-a703705db3a6 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 6
Tenable Nessus
added 2023/12/19 12:0 a.m. · 166 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-1 advisory. Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If...

9.8 CVSS · 7 AI score · 0.93305 EPSS
Exploits 4 · References 3
OSV
added 2023/12/18 4:15 p.m. · 4 views

AZL-32201 CVE-2023-48795 affecting package libssh2 for versions less than 1.9.0-4

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.9 AI score · 0.93305 EPSS
Exploits 4 · References 1
OSV
added 2023/12/18 4:15 p.m. · 3 views

AZL-34944 CVE-2023-48795 affecting package libssh2 for versions less than 1.11.1-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS · 6.7 AI score · 0.93305 EPSS
Exploits 4 · References 1