Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1667)
Kevin Backhouse discovered that libssh incorrectly handled verifying data signatures. A remote attacker could possibly use this issue to bypass authorization. (CVE-2023-2283)
{ "availability": "No subscription required", "binaries": [ { "libssh-dev": "0.9.3-2ubuntu2.3", "libssh-gcrypt-dev": "0.9.3-2ubuntu2.3", "libssh-gcrypt-4-dbgsym": "0.9.3-2ubuntu2.3", "libssh-gcrypt-4": "0.9.3-2ubuntu2.3", "libssh-4-dbgsym": "0.9.3-2ubuntu2.3", "libssh-doc": "0.9.3-2ubuntu2.3", "libssh-4": "0.9.3-2ubuntu2.3" } ] }
{ "availability": "No subscription required", "binaries": [ { "libssh-dev": "0.9.6-2ubuntu0.22.04.1", "libssh-gcrypt-dev": "0.9.6-2ubuntu0.22.04.1", "libssh-gcrypt-4-dbgsym": "0.9.6-2ubuntu0.22.04.1", "libssh-gcrypt-4": "0.9.6-2ubuntu0.22.04.1", "libssh-4-dbgsym": "0.9.6-2ubuntu0.22.04.1", "libssh-doc": "0.9.6-2ubuntu0.22.04.1", "libssh-4": "0.9.6-2ubuntu0.22.04.1" } ] }