CVE-2016-0787
13.04.2016, 17:59
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| libssh2 | libssh2 | 𝑥 ≤ 1.6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥 = Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| libssh2-1 |
| libssh2-1-32bit |
| libssh2-devel |
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References