CVE-2021-3634 - log

CVE-2021-3634 edited at 26 Aug 2021 15:28:45
Notes
Workaround
==========
The only temporary workaround is to enable key exchange algorithms with the same digest size, for example for SHA256:
+ rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");
- rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE,
- "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");
CVE-2021-3634 edited at 26 Aug 2021 15:28:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue has been found in libssh before version 0.9.6. An attacker can request a rekey with a key exchange algorithm with a digest of a different size, causing libssh reading or writing behind the buffer limits.
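Review bot: the Description's closing clause, "causing libssh reading or writing behind the buffer limits", is ungrammatical and leaves the affected buffer unnamed; suggest "causing libssh to read or write beyond the buffer limits", and name the buffer if the upstream advisory does. The entry also sets Type to "Arbitrary code execution" while the Description only states an out-of-bounds read or write, so a sentence linking the two (or a more conservative Type) would make the "Medium" Severity easier to follow.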
References
+ https://www.libssh.org/security/advisories/CVE-2021-3634.txt
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485
+ https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063
Notes
+ Workaround
+ ==========
+
+ The only temporary workaround is to enable key exchange algorithms with the same digest size, for example for SHA256:
+
+ rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE,
+ "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");
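Review bot: the workaround snippet in Notes uses `s->ssh.session`, a handle from some caller's code that the note never introduces, and assigns `rc` without showing it checked. Suggest a generic `session` variable and a line saying the return value must be tested, since a failed `ssh_options_set` call means the restricted key exchange list is not applied. The note should also say whether the setting is meant for the client side, the server side, or both.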
CVE-2021-3634 created at 26 Aug 2021 15:24:15