Package details: pkg:deb/debian/libssh@0.9.5-1%2Bdeb11u1
purl pkg:deb/debian/libssh@0.9.5-1%2Bdeb11u1
Tags Ghost
Next non-vulnerable version 0.9.8-0+deb11u1
Latest non-vulnerable version 0.9.8-0+deb11u1
Risk 3.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-k3xa-q7wv-aaar
Aliases:
CVE-2023-2283
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function when memory allocation problems occur. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error`, returning SSH_OK.
0.9.7-0+deb11u1
Affected by 0 other vulnerabilities.
0.9.8-0+deb11u1
Affected by 0 other vulnerabilities.
VCID-ubs2-4r7j-aaaq
Aliases:
CVE-2023-1667
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
0.9.7-0+deb11u1
Affected by 0 other vulnerabilities.
0.9.8-0+deb11u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.
