CVE-2021-3634 — Out-of-bounds Write in Libssh

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 69.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libssh Oracle Mysql Workbench Debian Linux +3 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also cha…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlibssh/libssh0.9.1 — 0.9.6

▶Debianlibssh/libssh< 0.9.5-1+deb11u1+3

▶CVEListV5libssh/libsshlibssh 0.9.6

▶NVDoracle/mysql_workbench8.0.27

▶NVDredhat/virtualization4.0

Also affects: Debian Linux 10.0, 11.0, Fedora 33, 34, 35, Enterprise Linux 8.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-4wwm-f449-qwpq: A flaw has been found in libssh in versions prior to 0↗2022-05-24

▶

OSV

CVE-2021-3634: A flaw has been found in libssh in versions prior to 0↗2021-08-31

▶

CVEList

CVE-2021-3634: A flaw has been found in libssh in versions prior to 0↗2021-08-31

▶

📋Vendor Advisories

Oracle

Oracle Oracle MySQL Risk Matrix: Workbench: libssh — CVE-2021-3634↗2022-01-15

▶

Red Hat

libssh: possible heap-based buffer overflow when rekeying↗2021-08-26

▶

Ubuntu

libssh vulnerability↗2021-08-26

▶

Microsoft

▶

Debian

CVE-2021-3634: libssh - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol kee...↗2021

▶