High severity7.5NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026
CVE-2015-3146
CVE-2015-3146
Description
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Affected products
8cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/nvdVendor Advisory
- www.libssh.org/security/advisories/CVE-2015-3146.txtnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.htmlnvd
- www.debian.org/security/2016/dsa-3488nvd
- www.ubuntu.com/usn/USN-2912-1nvd
- git.libssh.org/projects/libssh.git/commit/nvd
News mentions
0No linked articles in our index yet.