SUSE CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

UBUNTU-CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

UBUNTU-CVE-2023-1667

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...

CVE-2023-1667

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

Slackware: Security Advisory (SSA:2023-124-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] libssh

New libssh packages are available for Slackware 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.10.5-i586-1slack15.0.txz: Upgraded. This update fixes security issues: A NULL dereference during rekeying with algorit...

Slackware Linux 14.2 / 15.0 / current libssh Multiple Vulnerabilities (SSA:2023-124-01)

The version of libssh installed on the remote host is prior to 0.10.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-124-01 advisory. - A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...

PT-2023-4889 · Libssh +9 · Libssh +9

Name of the Vulnerable Software and Affected Versions: libssh versions 0.9.6 through 0.10.4 Description: A vulnerability in the pki verify data signature function of the libssh library for client authentication is related to shortcomings in the authentication procedure. This issue may allow a...

PT-2023-3584 · Libssh +10 · Libssh +10

Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. The vulnerability is relat...

Debian: Security Advisory (DLA-425-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K52868493: libssh vulnerability CVE-2018-10933

Security Advisory Description A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 Impact There is no impact. F5 products...

K05295501: libssh vulnerability CVE-2020-1730

Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...

K57255643: libssh vulnerability CVE-2016-0739

Security Advisory Description libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via...

SUSE CVE-2012-4559

Multiple double free vulnerabilities in the 1 agentsigndata function in agent.c, 2 channelrequest function in channels.c, 3 sshuserauthpubkey function in auth.c, 4 sftpparseattr3 function in sftp.c, and 5 trypublickeyfromfile function in keyfiles.c in libssh before 0.5.3 allow remote attackers to...

SUSE CVE-2012-4562

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service infinite loop or crash and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities...

SUSE CVE-2012-4560

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via unspecified vectors...

SUSE CVE-2012-4561

The 1 publickeymakedss, 2 publickeymakersa, 3 signaturefromstring, 4 sshdosign, and 5 sshsignsessionid functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service crash via unspecified vectors...

SUSE CVE-2013-0176

The publickeyfromprivatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a "Client: Diffie-Hellman Key Exchange Init" packet...