14 lines
1.7 KiB
JSON
14 lines
1.7 KiB
JSON
{
|
|
"id": "openEuler-SA-2023-1291",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1291",
|
|
"title": "An update for libssh is now available for openEuler-22.03-LTS",
|
|
"severity": "Moderate",
|
|
"description": "The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.(CVE-2023-1667)\r\n\r\nA vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.(CVE-2023-2283)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2023-2283",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2283",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |