| Package | libssh |
|---|---|
| Version | 0.6.3-4+deb8u6 (jessie), 0.7.3-2+deb9u4 (stretch) |
| Related CVEs | CVE-2019-14889 CVE-2023-1667 |
Two security issues have been discovered in libssh, a tiny C SSH library, which may allow a remote authenticated user to cause a denial of service or inject arbitrary commands.
CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Note that this CVE was previously fixed in jessie and that it has now been fixed in stretch.
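The mitigation for this class of bug is to make the location argument inert before it is spliced into the remote scp command line. The following is an added example in C and is not libssh's own code: a single-quoting helper plus a command builder that always applies it; the `scp -f` command form and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Shell-quote an arbitrary path for use on a remote command line.
 * The whole value is wrapped in single quotes; an embedded single quote
 * is emitted as '\'' (close quote, escaped quote, reopen quote). Inside
 * single quotes a POSIX shell treats every other character literally, so
 * the path can neither terminate nor extend the command. Caller frees. */
char *quote_remote_path(const char *path)
{
    size_t n = strlen(path);
    size_t quotes = 0;
    for (size_t i = 0; i < n; i++)
        if (path[i] == '\'') quotes++;
    /* 2 surrounding quotes + 3 extra chars per embedded quote + NUL */
    char *out = malloc(n + 2 + quotes * 3 + 1);
    if (out == NULL) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (path[i] == '\'') {
            memcpy(p, "'\\''", 4);
            p += 4;
        } else {
            *p++ = path[i];
        }
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Build the command an SCP client sends to the server (assumed simplified
 * form "scp -f <location>"). The vulnerable pattern concatenated the
 * caller-supplied location verbatim; here it is always quoted first.
 * Caller frees the returned string. */
char *build_scp_command(const char *location)
{
    char *quoted = quote_remote_path(location);
    if (quoted == NULL) return NULL;
    size_t len = strlen("scp -f ") + strlen(quoted) + 1;
    char *cmd = malloc(len);
    if (cmd != NULL)
        snprintf(cmd, len, "scp -f %s", quoted);
    free(quoted);
    return cmd;
}
```

An application that lets users choose the remote path should apply the same quoting discipline (or an allow-list check) itself rather than rely on the library version in use.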
CVE-2023-1667

A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
For Debian 8 jessie, these problems have been fixed in version 0.6.3-4+deb8u6.
For Debian 9 stretch, these problems have been fixed in version 0.7.3-2+deb9u4.
We recommend that you upgrade your libssh packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.