DSA-3487-1 libssh2 -- libssh2
ID: oval:org.secpod.oval:def:602380 | Date: (C)2016-03-02 (M)2023-07-28 |
Class: PATCH | Family: unix |
Andreas Schneider reported that libssh2, an SSH2 client-side library, passes the number of bytes to a function that expects a number of bits during the SSHv2 handshake, when libssh2 obtains a suitable value for the "group order" in the Diffie-Hellman negotiation. This significantly weakens the security of the handshake, potentially allowing an eavesdropper with enough resources to decrypt or intercept SSH sessions.
Platform: |
Debian 8.x |
Debian 7.x |