USN-6138-1: libssh vulnerabilities
Philip Turnbull discovered that libssh incorrectly handled rekeying with
algorithm guessing. A remote attacker could use this issue to cause libssh
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2023-1667)
Kevin Backhouse discovered that libssh incorrectly handled verifying data
signatures. A remote attacker could possibly use this issue to bypass
authorization. (CVE-2023-2283)
Source: USN-6138-1: libssh vulnerabilities
Leave a Reply