Date: Thu, 26 Aug 2021 11:58:35 -0300 From: Marco Benatto <mbenatto@...hat.com> To: oss-security@...ts.openwall.com Subject: libssh: Possible heap-buffer overflow when rekeying (CVE-2021-3634) Hello all, a new vulnerability was made public today for libssh. It involves a possible heap-buffer overflow when rekeying and had CVE-2021-3634 assigned to it. Vulnerability summary: "A malicious attacker can request rekey with key exchange algorithm with digest of different size, causing libssh reading or writing behind the buffer limits." CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/ (5.3) You can find more detailed information regarding this issue on libssh's security advisory: https://www.libssh.org/security/advisories/CVE-2021-3634.txt https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/ Thanks, Marco Benatto Red Hat Product Security secalert@...hat.com for urgent response
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.