CVE-2015-3146 — NULL Pointer Dereference in Libssh
Severity
7.5 HIGH (NVD)
EPSS
2.8%
top 13.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 13
Latest update: May 17
Description
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Debian Linux 7.0, 8.0, Fedora 21, 22, Ubuntu Linux 12.04, 14.04, 15.10
Vulnerability Details (4)
GHSA
GHSA-46jx-xcg7-prj7: The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb (2022-05-17)
OSV
CVE-2015-3146: The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb (2016-04-13)
CVEList
CVE-2015-3146: The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb (2016-04-13)
Vendor Advisories (3)
Community (3)
Bugzilla
CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets [fedora-all] (2015-05-04)
Bugzilla
CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets [epel-all] (2015-05-04)
Bugzilla
CVE-2015-3146 libssh: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets (2015-04-21)