CVE-2018-7750
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-7750
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7750.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7750
- Aliases
- Related
- Published
- 2018-03-13T18:29:00Z
- Modified
- 2024-09-11T04:26:32.576891Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
- References
-
- http://www.securityfocus.com/bid/103713
- https://access.redhat.com/errata/RHSA-2018:0591
- https://access.redhat.com/errata/RHSA-2018:0646
- https://access.redhat.com/errata/RHSA-2018:1124
- https://access.redhat.com/errata/RHSA-2018:1125
- https://access.redhat.com/errata/RHSA-2018:1213
- https://access.redhat.com/errata/RHSA-2018:1274
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1525
- https://access.redhat.com/errata/RHSA-2018:1972
- https://www.exploit-db.com/exploits/45712/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://github.com/paramiko/paramiko/issues/1175
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
- https://usn.ubuntu.com/3603-1/
- https://usn.ubuntu.com/3603-2/
- https://security.alpinelinux.org/vuln/CVE-2018-7750
- https://security-tracker.debian.org/tracker/CVE-2018-7750
Affected packages
Alpine:v3.11 / py3-paramiko
Package
- Name
- py3-paramiko
- Purl
- pkg:apk/alpine/py3-paramiko?arch=source
Alpine:v3.12 / py3-paramiko
Package
- Name
- py3-paramiko
- Purl
- pkg:apk/alpine/py3-paramiko?arch=source
Alpine:v3.13 / py3-paramiko
Package
- Name
- py3-paramiko
- Purl
- pkg:apk/alpine/py3-paramiko?arch=source
Alpine:v3.14 / py3-paramiko
Package
- Name
- py3-paramiko
- Purl
- pkg:apk/alpine/py3-paramiko?arch=source
Debian:11 / paramiko
Package
- Name
- paramiko
- Purl
- pkg:deb/debian/paramiko?arch=source
Debian:12 / paramiko
Package
- Name
- paramiko
- Purl
- pkg:deb/debian/paramiko?arch=source
Debian:13 / paramiko
Package
- Name
- paramiko
- Purl
- pkg:deb/debian/paramiko?arch=source
Git / github.com/ansible/ansible
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ansible/ansible
- Events
- Type
- GIT
- Repo
- https://github.com/paramiko/paramiko
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.14.0
1.14.1
1.14.2
1.14.3
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.16.0
1.16.1
1.16.2
1.16.3
1.17.0
1.17.1
1.17.2
1.17.3
1.18.0
1.18.1
1.7.7.1
1.7.7.2
1.8.0
1.8.1
1.9.0
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
Other
initial-merge-from-ssh-done
py3-test-parity
release-1.*
release-1.7.4
release-1.7.5
release-1.7.6
v1.*
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.18.0
v1.18.1
v1.7.7.1
v1.7.7.2
v1.8.0
v1.8.1
v1.9.0