DEBIAN-CVE-2018-7750

Source
https://security-tracker.debian.org/tracker/CVE-2018-7750
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-7750.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2018-7750
Upstream
Published
2018-03-13T18:29:00Z
Modified
2025-09-19T06:15:12Z
Summary
[none]
Details

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

References

Affected packages

Debian:11 / paramiko

Package

Name
paramiko
Purl
pkg:deb/debian/paramiko?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / paramiko

Package

Name
paramiko
Purl
pkg:deb/debian/paramiko?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / paramiko

Package

Name
paramiko
Purl
pkg:deb/debian/paramiko?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / paramiko

Package

Name
paramiko
Purl
pkg:deb/debian/paramiko?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}