Vulnerabilities

CVE-2015-3146

by Fred · 13/04/2016

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

Date published : 2016-04-13

https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f

libssh 0.6.5 (Security and bugfix release)

Similar

Tags: Cybersecurity Alert