Описание
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openssh | fixed | 1:10.1p1-1 | package | |
| openssh | no-dsa | trixie | package | |
| openssh | no-dsa | bookworm | package | |
| openssh | postponed | bullseye | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/10/06/1
EPSS
Связанные уязвимости
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Уязвимость компонента ProxyCommand средства криптографической защиты OpenSSH, позволяющая нарушителю выполнить произвольный код
EPSS