The publickey_from_privatekey function in libssh prior to 0.5.4, when no algorithm is matched during negotiations, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libssh libssh 0.4.8 |
||
libssh libssh 0.4.7 |
||
libssh libssh 0.5.0 |
||
libssh libssh |
||
libssh libssh 0.5.1 |
||
libssh libssh 0.5.2 |