CVE-2021-3634 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	A security issue has been found in libssh before version 0.9.6. An attacker can request a rekey with a key exchange algorithm with a digest of a different size, causing libssh reading or writing behind the buffer limits.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2324	libssh	0.9.5-1	0.9.6-1	Medium	Fixed

References
https://www.libssh.org/security/advisories/CVE-2021-3634.txt https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485 https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063

References

https://www.libssh.org/security/advisories/CVE-2021-3634.txt
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485
https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063

Notes
Workaround ========== The only temporary workaround is to enable key exchange algorithms with the same digest size, for example for SHA256: rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");

Notes

Workaround
==========

The only temporary workaround is to enable key exchange algorithms with the same digest size, for example for SHA256:

rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");