[3.4] libssh2: Wrong calculation of Diffie Helllman secret length (CVE-2016-0787)ID: oval:org.secpod.oval:def:1800754 | Date: (C)2018-03-29 (M)2022-09-22 |
Class: PATCH | Family: unix |
During the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047 Using such drastically reduced amount of random bits for Diffie Hellman weakend the handshake security significantly. Affected versions: all versions to and including 1.6.0 Fixed In Version: libssh2 1.7.0
Platform: |
Alpine Linux 3.4 |