Описание
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.6.3-4.2ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.6.1-0ubuntu3.3]] |
| esm-infra/xenial | released | 0.6.3-4.2ubuntu1 |
| precise | released | 0.5.2-1ubuntu0.12.04.6 |
| trusty | released | 0.6.1-0ubuntu3.3 |
| trusty/esm | DNE | trusty was released [0.6.1-0ubuntu3.3] |
| upstream | released | 0.7.3 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | released | 0.6.3-3ubuntu3.2 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
libssh before 0.7.3 improperly truncates ephemeral secrets generated f ...
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3