List: oss-security
Subject: [oss-security] libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634)
From: Marco Benatto <mbenatto () redhat ! com>
Date: 2021-08-26 14:58:35
Message-ID: CAOGQQ2-5630=HhmZbaxWr2bB3vHdzd=FE1hZ2jgCn71hxPZ2WA () mail ! gmail ! com

Hello all,

a new vulnerability was made public today for libssh. It involves a
possible heap-buffer overflow when rekeying and had CVE-2021-3634
assigned to it.

Vulnerability summary:

"A malicious attacker can request rekey with key exchange algorithm
with digest of different size, causing libssh reading or writing
behind the buffer limits."

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/ (5.3)

You can find more detailed information regarding this issue on
libssh's security advisory:

https://www.libssh.org/security/advisories/CVE-2021-3634.txt
https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/

Thanks,

Marco Benatto
Red Hat Product Security
secalert@redhat.com for urgent response
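
The bug class named in the summary above, as an added example that is not part of the original message and is not libssh source: a buffer sized by the first key exchange's digest is later read using the current exchange's digest length. The struct, the function names and the 32/64-byte digest sizes (SHA-256 and SHA-512) are assumptions made for illustration; the model only computes the out-of-bounds span and never performs the bad read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a session's key-exchange state.
 * All names are hypothetical; this is not libssh code. */
struct kex_state {
    unsigned char *session_id;  /* hash of the FIRST kex, kept for the whole session */
    size_t session_id_len;      /* hardened form: length recorded at allocation */
    size_t digest_len;          /* digest size of the CURRENT kex algorithm */
};

/* Finish a key exchange whose exchange hash is digest_len bytes long. */
static int kex_finish(struct kex_state *s, const unsigned char *hash, size_t digest_len)
{
    s->digest_len = digest_len;         /* changes on every rekey */
    if (s->session_id != NULL)
        return 0;                       /* session id is fixed after the first kex */
    s->session_id = malloc(digest_len);
    if (s->session_id == NULL)
        return -1;
    memcpy(s->session_id, hash, digest_len);
    s->session_id_len = digest_len;
    return 0;
}

/* Bytes past the end of session_id that a reader would touch after a rekey.
 * hardened == 0: reader trusts the current digest_len (flawed pattern).
 * hardened != 0: reader uses the length stored with the buffer. */
size_t overread_after_rekey(size_t first_len, size_t rekey_len, int hardened)
{
    unsigned char hash[64] = {0};       /* constructed sample hash bytes */
    struct kex_state s = {0};
    size_t span, over;

    if (first_len == 0 || first_len > sizeof hash || rekey_len > sizeof hash)
        return (size_t)-1;              /* outside what this model covers */
    if (kex_finish(&s, hash, first_len) != 0 || kex_finish(&s, hash, rekey_len) != 0)
        return (size_t)-1;
    span = hardened ? s.session_id_len : s.digest_len;
    over = span > s.session_id_len ? span - s.session_id_len : 0;
    free(s.session_id);
    return over;
}

int main(void)
{
    printf("flawed:   %zu bytes past buffer\n", overread_after_rekey(32, 64, 0));
    printf("hardened: %zu bytes past buffer\n", overread_after_rekey(32, 64, 1));
    return 0;
}
```

A rekey to a smaller digest stays inside the allocation in this model, but the flawed reader then uses only part of the session id.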