rpm package
suse/libssh&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-0739 | Med | 5.9 | | < 0.6.3-11.1 | 0.6.3-11.1 | Apr 13, 2016 | libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vecto |
| CVE-2015-3146 | Hig | 7.5 | | < 0.6.3-8.1 | 0.6.3-8.1 | Apr 13, 2016 | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. |