libssh libssh CVE-2021-3634 vulnerability in Libssh and Other Products
Published on August 31, 2021

product logo product logo product logo product logo product logo product logo
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-3634 has been classified to as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2021-3634

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3634 are published in these products:

Libssh
 
Red Hat Virtualization
 
Red Hat Enterprise Linux (RHEL)
 
Debian Linux
 
Fedora Project Fedora
 
Oracle Mysql Workbench
 
NetApp Cloud Backup
 

Exploit Probability

EPSS
0.12%
Percentile
30.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.