CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6004 – Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
https://notcve.org/view.php?id=CVE-2023-6004
28 Dec 2023 — A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Se encontró una falla en libssh. Al utilizar la función ProxyCommand o ProxyJump, los usuarios pueden explotar la sintaxis del hostname no verificada en el cliente. • https://access.redhat.com/errata/RHSA-2024:2504 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 66%CPEs: 79EXPL: 5CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3603 – Processing sftp server read may cause null dereference
https://notcve.org/view.php?id=CVE-2023-3603
21 Jul 2023 — A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security rel... • https://access.redhat.com/security/cve/CVE-2023-3603 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1730 – libssh: denial of service when handling AES-CTR (or DES) ciphers
https://notcve.org/view.php?id=CVE-2020-1730
09 Apr 2020 — A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si e... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 1%CPEs: 11EXPL: 0CVE-2019-14889 – libssh: unsanitized location in scp could lead to unwanted command execution
https://notcve.org/view.php?id=CVE-2019-14889
10 Dec 2019 — A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. Se detectó un fallo con la función ssh_scp_new() de la AP... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 79%CPEs: 15EXPL: 42CVE-2018-10933 – libSSH - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10933
17 Oct 2018 — A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado. Peter Winter-Smith of NCC Group discovered... • https://packetstorm.news/files/id/181227 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •