CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3634 – libssh: possible heap-based buffer overflow when rekeying
https://notcve.org/view.php?id=CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. • https://bugzilla.redhat.com/show_bug.cgi?id=1978810 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG https://security.gentoo.org/glsa/202312-05 https://security.netapp.com/advisory/ntap-20211004-0003 https://www&# • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2020-16135 – libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
https://notcve.org/view.php?id=CVE-2020-16135
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. libssh versión 0.9.4, presenta una desreferencia del puntero NULL en el archivo tftpserver.c si la función ssh_buffer_new devuelve NULL A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. • https://bugs.libssh.org/T232 https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E https://security.gentoo.org/glsa/202011-05 https:/ • CWE-476: NULL Pointer Dereference •