CVE-2021-3634

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3634
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3634.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3634
Related
Published
2021-08-31T17:15:08Z
Modified
2024-10-12T07:52:55.400978Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new secrethash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secrethash" of different size than the sessionid has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

References

Affected packages

Debian:11 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.5-1+deb11u1

Affected versions

0.*

0.9.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/libssh/libssh-mirror

Affected ranges

Type
GIT
Repo
https://gitlab.com/libssh/libssh-mirror
Events

Affected versions

libssh-0.*

libssh-0.9.1
libssh-0.9.2
libssh-0.9.3
libssh-0.9.4
libssh-0.9.5