QwikSec

Security Database

CVE

CWE

Training

CVE-2016-0787

Published: Apr 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2016-215a2219b1

vendor-advisory

x_refsource_FEDORA

https://kc.mcafee.com/corporate/index?page=content&id=SB10156

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

x_refsource_CONFIRM

https://www.libssh2.org/CVE-2016-0787.patch

x_refsource_CONFIRM

https://www.libssh2.org/adv_20160223.html

x_refsource_CONFIRM

https://puppet.com/security/cve/CVE-2016-0787

x_refsource_CONFIRM

FEDORA-2016-7942ee2cc5

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2016:0639

vendor-advisory

x_refsource_SUSE

https://bto.bluecoat.com/security-advisory/sa120

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.