Debian OpenSSH vulnerabilities

CVE-2026-35385 [HIGH] CVE-2026-35385: openssh - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setg... In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2026-35414 [MEDIUM] CVE-2026-35414: openssh - OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon... OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2026-3497 [MEDIUM] CVE-2026-3497: openssh - Vulnerability in the OpenSSH GSSAPI delta included in various Linux distribution... Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type

CVE-2026-35388 [LOW] CVE-2026-35388: openssh - OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu... OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2026-35386 [LOW] CVE-2026-35386: openssh - In OpenSSH before 10.3, command execution can occur via shell metacharacters in ... In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2026-35387 [LOW] CVE-2026-35387: openssh - OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA al... OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2025-26465 [MEDIUM] CVE-2025-26465: openssh - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled... A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage

CVE-2025-32728 [MEDIUM] CVE-2025-32728: openssh - In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere ... In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u6) bullseye: resolved (fixed in 1:8.4p1-5+deb11u5) forky: resolved (fixed in 1:10.0p1-1) sid: resolved (fixed in 1:10.0p1-1) trixie: resolved (fixed in 1:10

CVE-2025-61984 [LOW] CVE-2025-61984: openssh - ssh in OpenSSH before 10.1 allows control characters in usernames that originate... ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as a

CVE-2025-26466 [MEDIUM] CVE-2025-26466: openssh - A flaw was found in the OpenSSH package. For each ping packet the SSH server rec... A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Co

CVE-2025-61985 [LOW] CVE-2025-61985: openssh - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potential... ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u8) bullseye: open forky: resolved (fixed in 1:10.1p1-1) sid: resolved (fixed in 1:10.1p1-1) trixie: resolved (fixed in 1:10.0p1-7+deb13u1)

CVE-2024-6387 [HIGH] CVE-2024-6387: openssh - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).... A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u3) bullseye: resolved fork

CVE-2024-7589 [HIGH] CVE-2024-7589: openssh - A signal handler in sshd(8) may call a logging function that is not async-signal... A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instan

CVE-2024-6409 [HIGH] CVE-2024-6409: openssh - A race condition vulnerability was discovered in how signals are handled by Open... A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attac

CVE-2024-39894 [HIGH] CVE-2024-39894: openssh - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-... OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:9.8p1-1) sid: resolved (fixed in 1:9.8p1-1) tri

CVE-2023-28531 [CRITICAL] CVE-2023-28531: openssh - ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the inten... ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u2) bullseye: resolved forky: resolved (fixed in 1:9.3p1-1) sid: resolved (fixed in 1:9.3p1-1) trixie: resolved (fixed in 1:9.3p1-1)

CVE-2023-38408 [HIGH] CVE-2023-38408: openssh - The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t... The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Scope: local bookworm: resol

CVE-2023-48795 [MEDIUM] CVE-2023-48795: dropbear - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH bef... The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabl

CVE-2023-51384 [MEDIUM] CVE-2023-51384: openssh - In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incom... In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u2) bullseye: resolve

CVE-2023-51385 [MEDIUM] CVE-2023-51385: openssh - In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or... In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. Scope: local bookworm: resolved (fixed in 1:9.2p1-2+deb12u2