[3.4] libssh: bits/bytes confusion resulting in truncated Difffie-Hellman secret length (CVE-2016-0739)ID: oval:org.secpod.oval:def:1800640 | Date: (C)2018-03-28 (M)2022-09-22 |
Class: PATCH | Family: unix |
libssh versions 0.1 and above have a bits/bytes confusion bug and generate an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.The resulting secret is 128 bits long, instead of the recommended sizes of 1024and 2048 bits respectively. There are practical algorithms that can solve this problem in O operations. Fixed In Version: libssh 0.7.3
Platform: |
Alpine Linux 3.4 |