oss-sec mailing list archives
libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634)
From: Marco Benatto <mbenatto () redhat com>
Date: Thu, 26 Aug 2021 11:58:35 -0300
Hello all, a new vulnerability was made public today for libssh. It involves a possible heap-buffer overflow when rekeying and had CVE-2021-3634 assigned to it. Vulnerability summary: "A malicious attacker can request rekey with key exchange algorithm with digest of different size, causing libssh reading or writing behind the buffer limits." CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/ (5.3) You can find more detailed information regarding this issue on libssh's security advisory: https://www.libssh.org/security/advisories/CVE-2021-3634.txt https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/ Thanks, Marco Benatto Red Hat Product Security secalert () redhat com for urgent response
Current thread:
- libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634) Marco Benatto (Aug 26)