libssh
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Library for accessing ssh client services through C libraries |
| Version | 0.10.6-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2324 | 0.9.5-1 | 0.9.6-1 | Medium | Fixed | |
| AVG-1130 | 0.9.3-1 | 0.9.4-1 | Medium | Fixed | |
| AVG-780 | 0.8.3-1 | 0.8.4-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3634 | AVG-2324 | Medium | Yes | Arbitrary code execution | A security issue has been found in libssh before version 0.9.6. An attacker can request a rekey with a key exchange algorithm with a digest of a different... |
| CVE-2020-1730 | AVG-1130 | Medium | Yes | Denial of service | A malicious client or server could crash the counterpart implemented with libssh before 0.9.4. When AES-CTR ciphers are used and don't get fully... |
| CVE-2018-10933 | AVG-780 | Critical | Yes | Authentication bypass | An authentication bypass vulnerability has been discovered in libssh versions prior to 0.7.6 and 0.8.4, in the server-side state machine. By presenting the... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Apr 2020 | ASA-202004-11 | AVG-1130 | Medium | denial of service |
| 17 Oct 2018 | ASA-201810-10 | AVG-780 | Critical | authentication bypass |