Vulnerabilities > Libssh > Libssh > 0.4.7

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. 		5.9
5.9
2019-12-10 CVE-2019-14889 OS Command Injection vulnerability in multiple products
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. 		8.8
8.8
2016-04-13 CVE-2016-0739 Information Exposure vulnerability in multiple products
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." 		4.3
4.3
2016-04-13 CVE-2015-3146 Denial of Service vulnerability in libssh
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
network
low complexity
libssh canonical debian fedoraproject
5.0
5.0
2014-03-14 CVE-2014-0017 Cryptographic Issues vulnerability in Libssh
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
local
libssh CWE-310
1.9
1.9
2013-02-05 CVE-2013-0176 Resource Management Errors vulnerability in Libssh
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
network
libssh CWE-399
4.3
4.3
2012-11-30 CVE-2012-6063 Resource Management Errors vulnerability in Libssh
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
network
low complexity
libssh CWE-399
7.5
7.5
2012-11-30 CVE-2012-4562 Numeric Errors vulnerability in Libssh
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
network
low complexity
libssh CWE-189
7.5
7.5
2012-11-30 CVE-2012-4561 Buffer Overflow and Denial of Service vulnerability in libssh
The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.
network
low complexity
libssh
5.0
5.0
2012-11-30 CVE-2012-4560 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libssh
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
network
low complexity
libssh CWE-119
7.5
7.5