Critical severity 9.8 · NVD Advisory · Published Mar 13, 2018 · Updated Jun 17, 2026
CVE-2018-7750
Description
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
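The missing check described above can be modelled in a few lines. This is an added example, not Paramiko's code: `ModelServer`, `run_session` and the two sample sessions are hypothetical and constructed, credential checking is reduced to a boolean, and the message numbers and ranges are those of RFC 4250.

```python
# Simplified model of server-side SSH message dispatch (not Paramiko's code).
# Message numbers follow RFC 4250 section 4.1.
MSG_SERVICE_REQUEST = 5
MSG_USERAUTH_REQUEST = 50
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_REQUEST = 98
# 1-49 transport layer, 50-79 user authentication, 80-127 connection protocol
HIGHEST_USERAUTH_MESSAGE_ID = 79


class ModelServer:
    """Hypothetical server: records which message types reach a handler."""

    def __init__(self, enforce_auth_gate):
        self.enforce_auth_gate = enforce_auth_gate
        self.authenticated = False
        self.handled = []   # message types passed on to a handler
        self.rejected = []  # message types refused by the gate

    def dispatch(self, msg_type, credentials_ok=False):
        if msg_type == MSG_USERAUTH_REQUEST:
            # Assumption: the credential check is reduced to a boolean.
            self.authenticated = self.authenticated or credentials_ok
        elif (self.enforce_auth_gate and not self.authenticated
              and msg_type > HIGHEST_USERAUTH_MESSAGE_ID):
            # Connection-protocol message from a peer that never authenticated.
            self.rejected.append(msg_type)
            return False
        self.handled.append(msg_type)
        return True


def run_session(enforce_auth_gate, messages):
    """Feed constructed (msg_type, credentials_ok) pairs to a fresh server."""
    server = ModelServer(enforce_auth_gate)
    for msg_type, credentials_ok in messages:
        server.dispatch(msg_type, credentials_ok)
    return server


# Constructed sessions: one never authenticates, one authenticates first.
SKIPS_AUTH = [(MSG_SERVICE_REQUEST, False), (MSG_CHANNEL_OPEN, False),
              (MSG_CHANNEL_REQUEST, False)]
AUTHS_FIRST = [(MSG_SERVICE_REQUEST, False), (MSG_USERAUTH_REQUEST, True),
               (MSG_CHANNEL_OPEN, False)]
```

Without the gate, `run_session(False, SKIPS_AUTH)` hands the channel messages to a handler; with it, they land in `rejected` while the authenticated session is unaffected.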
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| paramiko (PyPI) | >= 2.0.0, < 2.0.8 | 2.0.8 |
| paramiko (PyPI) | >= 2.1.0, < 2.1.5 | 2.1.5 |
| paramiko (PyPI) | >= 2.2.0, < 2.2.3 | 2.2.3 |
| paramiko (PyPI) | >= 2.3.0, < 2.3.2 | 2.3.2 |
| paramiko (PyPI) | >= 2.4.0, < 2.4.1 | 2.4.1 |
| paramiko (PyPI) | >= 1.18.0, < 1.18.5 | 1.18.5 |
| paramiko (PyPI) | < 1.17.6 | 1.17.6 |
Affected products (8)
ghsa-coords, 8 versions:
- pkg:pypi/paramiko
- pkg:rpm/opensuse/python-paramiko&distro=openSUSE%20Tumbleweed
- pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%203
- pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%204
- pkg:rpm/suse/python-paramiko&distro=SUSE%20Enterprise%20Storage%205
- pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
- pkg:rpm/suse/python-paramiko&distro=SUSE%20OpenStack%20Cloud%206
- pkg:rpm/suse/python-paramiko&distro=SUSE%20OpenStack%20Cloud%207
- (no CPE) range: >= 2.0.0, < 2.0.8
- (no CPE) range: < 2.7.2-3.7
- (no CPE) range: < 1.15.2-2.6.1
- (no CPE) range: < 2.0.8-3.3.1
- (no CPE) range: < 2.0.8-3.3.1
- (no CPE) range: < 1.15.2-2.9.1
- (no CPE) range: < 1.15.2-2.6.1
- (no CPE) range: < 2.0.8-3.3.1
References (27)
- github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516 (nvd: Patch, Third Party Advisory, WEB)
- www.exploit-db.com/exploits/45712/ (nvd: Exploit, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/103713 (nvd: Third Party Advisory, VDB Entry, WEB)
- access.redhat.com/errata/RHSA-2018:0591 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:0646 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1124 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1125 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1213 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1274 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1328 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1525 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:1972 (nvd: Third Party Advisory, WEB)
- github.com/advisories/GHSA-232r-66cg-79px (ghsa: ADVISORY)
- github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst (nvd: Third Party Advisory, WEB)
- github.com/paramiko/paramiko/issues/1175 (nvd: Issue Tracking, Third Party Advisory, WEB)
- lists.debian.org/debian-lts-announce/2018/10/msg00018.html (nvd: Mailing List, Third Party Advisory, WEB)
- lists.debian.org/debian-lts-announce/2021/12/msg00025.html (nvd: Mailing List, Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2018-7750 (ghsa: ADVISORY)
- usn.ubuntu.com/3603-1/ (nvd: Third Party Advisory)
- usn.ubuntu.com/3603-2/ (nvd: Third Party Advisory)
- github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst (ghsa: WEB)
- github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml (ghsa: WEB)
- usn.ubuntu.com/3603-1 (ghsa: WEB)
- usn.ubuntu.com/3603-2 (ghsa: WEB)
- web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713 (ghsa: WEB)
- www.exploit-db.com/exploits/45712 (ghsa: WEB)