This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Libssh First view 2013-02-05
Product Libssh Last view 2021-08-31
Version 0.5.3 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:libssh:libssh

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2021-08-31 CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

5.3 2020-04-13 CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

8 2019-12-10 CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

9.1 2018-10-17 CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

5.9 2016-04-13 CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

7.5 2016-04-13 CVE-2015-3146

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

5 2014-12-28 CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

1.9 2014-03-14 CVE-2014-0017

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

4.3 2013-02-05 CVE-2013-0176

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

CWE : Common Weakness Enumeration

%idName
14% (1) CWE-476 NULL Pointer Dereference
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-310 Cryptographic Issues
14% (1) CWE-287 Improper Authentication
14% (1) CWE-200 Information Exposure
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

SAINT Exploits

Description Link
libssh authentication bypass More info here

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c08cd808d3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6b390ceb36.nasl - Type: ACT_GATHER_INFO
2018-10-22 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bca1c1ab49.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-1548.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2383767cd22411e89623a4badb2f4699.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4322.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote server is vulnerable to an authentication bypass.
File: libssh_0_8_4_remote.nasl - Type: ACT_ATTACK
2018-10-17 Name: The remote server is vulnerable to an authentication bypass.
File: libssh_0_8_4.nasl - Type: ACT_GATHER_INFO
2018-10-17 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-289-01.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL57255643.nasl - Type: ACT_GATHER_INFO
2016-07-26 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: securitycenter_5_4.nasl - Type: ACT_GATHER_INFO
2016-06-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-12.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0566.nasl - Type: ACT_GATHER_INFO
2016-03-25 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-394.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-328.nasl - Type: ACT_GATHER_INFO
2016-03-14 Name: The remote Fedora host is missing a security update.
File: fedora_2016-dc9e8da03c.nasl - Type: ACT_GATHER_INFO
2016-03-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6b3591eae2d211e5a6be5453ed2e2b49.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0625-1.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0622-1.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-d9f950c779.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-057-01.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2912-1.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3488.nasl - Type: ACT_GATHER_INFO
2016-02-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-425.nasl - Type: ACT_GATHER_INFO
2015-10-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1707-2.nasl - Type: ACT_GATHER_INFO