Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libssh libssh vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2014-0017
The RAND_bytes function in libssh prior to 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information...
Libssh Libssh 0.6.1
Libssh Libssh 0.5.5
Libssh Libssh 0.5.3
Libssh Libssh 0.5.4
Libssh Libssh 0.6.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
Libssh Libssh 0.4.7
Libssh Libssh 0.4.8
Libssh Libssh 0.5.0
4.3
CVSSv2
CVE-2013-0176
The publickey_from_privatekey function in libssh prior to 0.5.4, when no algorithm is matched during negotiations, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
7.5
CVSSv2
CVE-2012-6063
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh prior to 0.5.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
Libssh Libssh
Libssh Libssh 0.4.7
6.8
CVSSv2
CVE-2012-4559
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh ...
Libssh Libssh
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
7.5
CVSSv2
CVE-2012-4560
Multiple buffer overflows in libssh prior to 0.5.3 allow remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
5
CVSSv2
CVE-2012-4561
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh prior to 0.5.3 free "an invalid pointer on an error path," which might allow remote malicious users to cause a denia...
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh
Libssh Libssh 0.5.1
7.5
CVSSv2
CVE-2012-4562
Multiple integer overflows in libssh prior to 0.5.3 allow remote malicious users to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified ...
Libssh Libssh 0.5.1
Libssh Libssh 0.5.0
Libssh Libssh
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
5
CVSSv2
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x prior to 0.6.4 allows remote malicious users to cause a denial of service via a crafted kexinit packet.
Libssh Libssh 0.6.0
Libssh Libssh 0.6.1
Libssh Libssh 0.5.4
Libssh Libssh 0.5.5
Libssh Libssh 0.5.0
Libssh Libssh 0.6.2
Libssh Libssh 0.6.3
Libssh Libssh 0.5.2
Libssh Libssh 0.5.3
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
Opensuse Opensuse 13.2
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
NA
CVE-2023-3603
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely cras...
Libssh Libssh -
NA
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an malicious user to inject malicious code into the command of the features mentioned through the hostname parameter.
Libssh Libssh
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »