Description
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- none
- Availability
- low
- Weaknesses
- CWE-252CWE-252
Metadata
- Primary Vendor
- LIBSSH
- Published
- 12/19/2023
- Last Modified
- 2/15/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
libssh : libsshlibssh : libsshfedoraproject : fedorafedoraproject : fedoraredhat : enterprise_linuxredhat : enterprise_linux
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.