Home

CVE-2021-3634

Description

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating secret_hash of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.117

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-3634 are affected in MySQL Workbench Enterprise Edition 8.0.27Windows
Vulnerabilities CVE-2021-3634 are affected in MySQL Workbench CE (x64) 8.0.27Windows
A tiny C SSH library (USN-5053-1) libssh-4_0.9.3-2ubuntu2.2_i386.debLinux
A tiny C SSH library (USN-5053-1) libssh-4_0.9.3-2ubuntu2.2_amd64.debLinux
A tiny C SSH library (USN-5053-1) libssh-4_0.9.5-1ubuntu0.1_i386.debLinux
A tiny C SSH library (USN-5053-1) libssh-4_0.9.5-1ubuntu0.1_amd64.debLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-0.9.6-3.el8.x86_64.rpmLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-config-0.9.6-3.el8.noarch.rpmLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-debugsource-0.9.6-3.el8.i686.rpmLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-debugsource-0.9.6-3.el8.x86_64.rpmLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-devel-0.9.6-3.el8.i686.rpmLinux
(RHSA-2022:2031) libssh security, bug fix, and enhancement update libssh-devel-0.9.6-3.el8.x86_64.rpmLinux
libssh security, bug fix, and enhancement update (RLSA-2022:2031) libssh-0.9.6-3.el8.i686.rpmLinux
libssh security, bug fix, and enhancement update (RLSA-2022:2031) libssh-0.9.6-3.el8.x86_64.rpmLinux
libssh security, bug fix, and enhancement update (RLSA-2022:2031) libssh-devel-0.9.6-3.el8.i686.rpmLinux
libssh security, bug fix, and enhancement update (RLSA-2022:2031) libssh-devel-0.9.6-3.el8.x86_64.rpmLinux
libssh security, bug fix, and enhancement update (RLSA-2022:2031) libssh-config-0.9.6-3.el8.noarch.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh-config-0.9.8-3.12.2.x86_64.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh-debugsource-0.9.8-3.12.2.x86_64.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-0.9.8-3.12.2.x86_64.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-32bit-0.9.8-3.12.2.x86_64.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-debuginfo-0.9.8-3.12.2.x86_64.rpmLinux
SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-debuginfo-32bit-0.9.8-3.12.2.x86_64.rpmLinux
Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.i686.rpmLinux
Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.x86_64.rpmLinux
Libssh-config update (ELSA-2024-3233) libssh-config-0.9.6-14.el8.noarch.rpmLinux
Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.i686.rpmLinux
Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-347137MySQL Workbench CE (x64) (8.0.42)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234