CVE-2021-3634 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
A security issue has been found in libssh before version 0.9.6. An attacker can request a rekey with a key exchange algorithm with a digest of a different size, causing libssh reading or writing behind the buffer limits.
Group Package Affected Fixed Severity Status Ticket
AVG-2324 libssh 0.9.5-1 0.9.6-1 Medium Fixed
References
https://www.libssh.org/security/advisories/CVE-2021-3634.txt
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485
https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063
Notes
Workaround
==========

The only temporary workaround is to enable key exchange algorithms with the same digest size, for example for SHA256:

rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");