A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HLibssh
APPLibssh0.10.0 – 0.11.2 (bez)
Related vulnerabilities
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious c...
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of ...
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when proces...
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in...
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When th...