libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634)

[Marco Benatto <mbenatto () redhat com>]

Hello all,

a new vulnerability was made public today for libssh. It involves a
possible heap-buffer overflow when rekeying and had CVE-2021-3634
assigned to it.

Vulnerability summary:

"A malicious attacker can request rekey with key exchange algorithm
with digest of different size, causing libssh reading or writing
behind the buffer limits."

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/ (5.3)

You can find more detailed information regarding this issue on
libssh's security advisory:
https://www.libssh.org/security/advisories/CVE-2021-3634.txt
https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/

Thanks,

Marco Benatto
Red Hat Product Security
secalert () redhat com for urgent response