Home

CVE-2016-0739

Description

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a bits/bytes confusion bug.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
4.313

Associated Vulnerability

VulnerabilityOS Platform
A tiny C SSH library (USN-2912-1) libssh-4_0.6.1-0ubuntu3.3_i386.debLinux
A tiny C SSH library (USN-2912-1) libssh-4_0.6.1-0ubuntu3.3_amd64.debLinux
A tiny C SSH library (USN-2912-1) libssh-4_0.6.3-3ubuntu3.2_i386.debLinux
A tiny C SSH library (USN-2912-1) libssh-4_0.6.3-3ubuntu3.2_amd64.debLinux
A tiny C SSH library (USN-2912-1) libssh-4_0.5.2-1ubuntu0.12.04.6_i386.debLinux
A tiny C SSH library (USN-2912-1) libssh-4_0.5.2-1ubuntu0.12.04.6_amd64.debLinux
(RHSA-2016:0566) Moderate: libssh security update libssh-0.7.1-2.el7.x86_64.rpmLinux
(RHSA-2016:0566) Moderate: libssh security update libssh-devel-0.7.1-2.el7.x86_64.rpmLinux
SUSE-SU-2016:0622-1(SUSE Linux Enterprise Desktop 11-SP4 ) libssh2-0.2-5.22.1.x86_64.rpmLinux
SUSE-SU-2016:0625-1(SUSE Linux Enterprise Desktop 12-SP1 ) libssh-debugsource-0.6.3-11.1.x86_64.rpmLinux
SUSE-SU-2016:0625-1(SUSE Linux Enterprise Desktop 12-SP1 ) libssh4-0.6.3-11.1.x86_64.rpmLinux
SUSE-SU-2016:0625-1(SUSE Linux Enterprise Desktop 12-SP1 ) libssh4-debuginfo-0.6.3-11.1.x86_64.rpmLinux
(RHSA-2016:0566)Moderate: security update libssh-debuginfo-0.7.1-2.el7.x86_64.rpmLinux
Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.i686.rpmLinux
Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.x86_64.rpmLinux
Libssh-config update (ELSA-2024-3233) libssh-config-0.9.6-14.el8.noarch.rpmLinux
Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.i686.rpmLinux
Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.x86_64.rpmLinux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0739)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234