CVE-2015-3146

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
libsshlibssh
𝑥
≤ 0.6.4
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libssh
bookworm
0.10.6-0+deb12u1
fixed
bookworm (security)
0.10.6-0+deb12u1
fixed
bullseye
0.9.8-0+deb11u1
fixed
bullseye (security)
0.9.8-0+deb11u1
fixed
sid
0.11.1-1
fixed
squeeze
not-affected
trixie
0.11.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libssh
precise
Fixed 0.5.2-1ubuntu0.12.04.6
released
trusty
Fixed 0.6.1-0ubuntu3.3
released
utopic
ignored
vivid
ignored
wily
Fixed 0.6.3-3ubuntu3.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libssh-config
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh-devel
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh4
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 12 SP5
0.8.7-1.31
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 12 SP5
0.8.7-1.31
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh4-32bit
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 12 SP5
0.8.7-1.31
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 12 SP5
0.8.7-1.31
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
http://www.debian.org/security/2016/dsa-3488
http://www.ubuntu.com/usn/USN-2912-1
https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2015-3146.txt
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
http://www.debian.org/security/2016/dsa-3488
http://www.ubuntu.com/usn/USN-2912-1
https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2015-3146.txt