FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0b040e24-f751-11e4-b24d-5453ed2e2b49libssh -- null pointer dereference

Andreas Schneider reports:

libssh versions 0.5.1 and above have a logical error in the handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This is the packet after the initial key exchange and doesn’t require authentication.

This could be used for a Denial of Service (DoS) attack.


Discovery 2015-04-30
Entry 2015-05-10
libssh
< 0.6.5

CVE-2015-3146
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release