Описание
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
Отчет
The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate, due to its local attack vector and high complexity of exploitation. Although it requires specific allocation failure scenarios, successful exploitation can result in a crash of SSH clients or servers using libssh. This is caused by a NULL pointer dereference during the calculation of the KEX session ID.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libssh | Fix deferred | ||
Red Hat Enterprise Linux 6 | libssh2 | Not affected | ||
Red Hat Enterprise Linux 7 | libssh2 | Not affected | ||
Red Hat Enterprise Linux 8 | libssh | Fix deferred | ||
Red Hat Enterprise Linux 9 | libssh | Fix deferred | ||
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
A flaw was found in libssh, a library that implements the SSH protocol ...
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
EPSS
4.7 Medium
CVSS3