Описание
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.8.0~20170825.94fa1e38-1ubuntu0.1 |
| cosmic | released | 0.8.1-1ubuntu0.1 |
| devel | released | 0.8.1-1ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.6.1-0ubuntu3.4]] |
| esm-infra/bionic | not-affected | 0.8.0~20170825.94fa1e38-1ubuntu0.1 |
| esm-infra/xenial | not-affected | 0.6.3-4.3ubuntu0.1 |
| precise/esm | DNE | |
| trusty | released | 0.6.1-0ubuntu3.4 |
| trusty/esm | DNE | trusty was released [0.6.1-0ubuntu3.4] |
| upstream | needs-triage |
Показывать по
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
A vulnerability was found in libssh's server-side state machine before ...
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3