84 matches found
CVE-2025-11625 Host verification bypass and credential leak
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials...
wolfSSH 安全漏洞
wolfSSH is a small, fast, and portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.20 and earlier versions that stems from improper host authentication and could lead to authentication bypass and client credential...
wolfSSH 安全漏洞
wolfSSH is a small, fast, portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH that stems from a possible stack buffer overflow when receiving specially crafted packets, which could lead to the execution of arbitrary co...
EUVD-2022-53348
Malicious code in bioql PyPI...
EUVD-2024-27817
Malicious code in bioql PyPI...
curl: CVE-2025-10966: missing SFTP host verification with wolfSSH
Summary: When curl is built with the wolfSSH backend, the SSH/SFTP implementation in lib/vssh/wolfssh.c performs no server host key verification and exposes no host identity options in the curl tool. I verified this locally by building curl with wolfSSH binary reports wolfssh/1.4.20, observing th...
CVE-2022-32073
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...
The vulnerability of the SSH library wolfSSH, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
The vulnerability of the SSH library wolfSSH is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
CVE-2024-2873
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
CVE-2024-2873 User authentication bypass in wolfSSH server
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
CVE-2024-2873 User authentication bypass in wolfSSH server
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
CVE-2024-2873 User authentication bypass in wolfSSH server
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
CVE-2024-2873
CVE-2024-2873 affects wolfSSH’s server-side state machine prior to 1.4.17. A malicious client could create channels without first authenticating, resulting in unauthorized access (confidentiality and integrity impact reported; availability not affected). Affected: wolfSSH versions before 1.4.17. ...
wolfSSH 安全漏洞
wolfSSH is a small, fast, and portable implementation of SSH, including support for SCP and SFTP. A security vulnerability exists in wolfSSH versions prior to 1.4.17. An attacker could use this vulnerability to create a channel without first performing user authentication, which could lead to...
PT-2023-35855 · Wolfssh · Wolfssh
Name of the Vulnerable Software and Affected Versions: wolfSSH affected versions not specified Description: The issue is related to a heap buffer overflow, which can cause a crash. The crash occurs in the wolfSSH shutdown function, specifically when handling a BundlePacket and SendChannelExit...
CVE-2022-32073
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...
CVE-2022-32073
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...
Integer overflow
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...
CVE-2022-32073
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...
CVE-2022-32073
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSHSFTPRecvRMDIR...