CVE-2010-4755 — Openssh vulnerability

5 documents5 sources

Severity

4.0MEDIUMNVD

CNA7.8

EPSS

0.1%

top 64.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Freebsd Netbsd +1 more

Timeline

PublishedMar 2

Latest updateMay 17

Description

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopenbsd/openssh5.8+79

▶NVDopenbsd/openbsd4.7

Also affects: Netbsd 5.0.2, Freebsd 7.3, 8.1

Patches

Patch: cvsweb.netbsd.org ↗Patch: cvsweb.netbsd.org ↗Patch: cvsweb.netbsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-r3f6-ghj9-9mqf: The (1) remote_glob function in sftp-glob↗2022-05-17

▶

CVEList

CVE-2010-4755: The (1) remote_glob function in sftp-glob↗2011-03-02

▶

📋Vendor Advisories

Red Hat

openssh: remote DoS in sftp via crafted glob expressions↗2011-01-03

▶

💬Community

Bugzilla

CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions↗2011-03-02

▶