High severity7.5NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026
CVE-2018-3737
CVE-2018-3737
Description
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sshpknpm | < 1.13.2 | 1.13.2 |
Affected products
2- Range: Versions up to and including 1.13.1
Patches
Vulnerability mechanics
References
6- hackerone.com/reports/319593nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-2m39-62fm-q8r3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3737ghsaADVISORY
- github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.jsghsaWEB
- github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957ghsaWEB
- www.npmjs.com/advisories/606ghsaWEB
News mentions
0No linked articles in our index yet.