QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3146

Published: Apr 13, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

FEDORA-2015-10962

vendor-advisory

x_refsource_FEDORA

https://www.libssh.org/security/advisories/CVE-2015-3146.txt

x_refsource_CONFIRM

FEDORA-2015-7590

vendor-advisory

x_refsource_FEDORA

https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.