Search CVE reports
1 – 10 of 35 results
CVE-2023-6004
Medium priorityA flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-6918
Medium priorityA flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-48795
Medium prioritySome fixes available 22 of 76
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| dropbear | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
| libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
| openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-asyncssh | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-22218
Medium priorityAn issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
1 affected packages
libssh2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh2 | — | Not affected | Fixed | Fixed | Fixed |
CVE-2023-3603
Medium priorityA missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-2283
Medium priorityA vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | Fixed | Fixed | Not affected | Not affected |
CVE-2023-1667
Medium prioritySome fixes available 6 of 8
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | Fixed | Fixed | Fixed | Needs evaluation | Ignored |
CVE-2021-3634
Medium priorityA flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | Fixed | Fixed | Not affected | Not affected |
CVE-2020-16135
Medium prioritylibssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | — | Fixed | Fixed | Fixed |
CVE-2020-1730
Medium priorityA flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system...
1 affected packages
libssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libssh | — | — | — | Fixed | Not affected |