CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

Amazon Linux 2 : openssh (ALAS-2023-2376)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2376 advisory. AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilties in libssh2. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length a...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

The vulnerability of the _libssh2_packet_add function in the libssh2 component of the SSH2 implementation library Libssh2 allows a attacker to cause a service failure.

The vulnerability of the libssh2packetadd function in the libssh2 component of the SSH2 implementation library is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

Advisory ROSA-SA-2023-2278

Software: libssh2 1.8.0 OS: rosa-server79 packageevrstring: libssh2-1.8.0-4.res7.1.x8664.rpm CVE-ID: CVE-2020-22218 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An issue was discovered in the libssh2packetadd function in libssh2 1.10.0 that allows attackers to access external memory. CVE-STATUS: Fixed...

Ubuntu 16.04 ESM : libssh2 vulnerabilities (USN-5308-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5308-1 advisory. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote,...

Moderate: Red Hat Security Advisory: libssh2 security update

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

libssh2: use-of-uninitialized-value in _libssh2_transport_read

A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library...

libssh2 security update

1.8.0-4.el79.1 - fix use-of-uninitialized-value CVE-2020-22218...

Oracle Linux 7 : libssh2 (ELSA-2023-5615)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5615 advisory. 1.8.0-4.el79.1 - fix use-of-uninitialized-value CVE-2020-22218 Tenable has extracted the preceding description block directly from the Oracle Linux security...

RHEL 7 : libssh2 (RHSA-2023:5615)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5615 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: use-of-uninitialized-value in libssh2transportread...

CBL Mariner 2.0 Security Update: libssh2 (CVE-2020-22218)

The version of libssh2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-22218 advisory. - An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of...

CVE-2020-22218 affecting package libssh2 for versions less than 1.9.0-3

CVE-2020-22218 affecting package libssh2 for versions less than 1.9.0-3. A patched version of the package is available...

CLSA-2023-1695835793 libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

CLSA-2023-1695835423 libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

CLSA-2023-1695835334 Fix CVE(s): CVE-2020-22218

SECURITY UPDATE: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. - debian/patches/CVE-2020-22218.patch: doing totalnum zero length check. - CVE-2020-22218...

Important: libssh2

Issue Overview: An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. CVE-2020-22218 Affected Packages: libssh2 Issue Correction: Run yum update libssh2 or yum update --advisory ALAS-2023-1834 to update your system. New Packages:...

Amazon Linux AMI : libssh2 (ALAS-2023-1834)

The version of libssh2 installed on the remote host is prior to 1.4.2-3.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1834 advisory. An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory...