Fluid Attacks Database

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	openssh	=1:8.4p1-5 \|\| =1:8.4p1-5+deb11u1 \|\| =1:8.4p1-5+deb11u2 \|\| =1:8.4p1-5+deb11u3 \|\| =1:8.4p1-5+deb11u4 \|\| =1:8.4p1-5+deb11u5 \|\| =1:8.4p1-5+deb11u6 \|\| >=0 <1:8.4p1-5+deb11u7	1:8.4p1-5+deb11u7
debian 12	openssh	=1:9.2p1-2 \|\| =1:9.2p1-2+deb12u1 \|\| =1:9.2p1-2+deb12u2 \|\| =1:9.2p1-2+deb12u3 \|\| =1:9.2p1-2+deb12u4 \|\| =1:9.2p1-2+deb12u5 \|\| =1:9.2p1-2+deb12u6 \|\| =1:9.2p1-2+deb12u7 \|\| >=0 <1:9.2p1-2+deb12u8	1:9.2p1-2+deb12u8
debian 13	openssh	=1:10.0p1-7 \|\| >=0 <1:10.0p1-7+deb13u1	1:10.0p1-7+deb13u1
debian 14	openssh	=1:10.0p1-7 \|\| =1:10.0p1-8 \|\| >=0 <1:10.1p1-1	1:10.1p1-1
alpine v3.23	openssh	=10.0_p1-r0 \|\| =10.0_p1-r1 \|\| =10.0_p1-r10 \|\| =10.0_p1-r11 \|\| =10.0_p1-r2 \|\| =10.0_p1-r3 \|\| =10.0_p1-r4 \|\| =10.0_p1-r5 \|\| =10.0_p1-r6 \|\| =10.0_p1-r7 \|\| =10.0_p1-r8 \|\| =10.0_p1-r9 \|\| =5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| =7.5_p1-r8 \|\| =7.6_p1-r0 \|\| =7.6_p1-r1 \|\| =7.7_p1-r0 \|\| =7.7_p1-r1 \|\| =7.7_p1-r2 \|\| =7.7_p1-r3 \|\| =7.7_p1-r4 \|\| =7.8_p1-r0 \|\| =7.9_p1-r0 \|\| =7.9_p1-r1 \|\| =7.9_p1-r2 \|\| =7.9_p1-r3 \|\| =7.9_p1-r4 \|\| =7.9_p1-r5 \|\| =8.0_p1-r0 \|\| =8.0_p1-r1 \|\| =8.0_p1-r2 \|\| =8.1_p1-r0 \|\| =8.2_p1-r0 \|\| =8.3_p1-r0 \|\| =8.4_p1-r0 \|\| =8.4_p1-r1 \|\| =8.4_p1-r2 \|\| =8.4_p1-r3 \|\| =8.5_p1-r0 \|\| =8.5_p1-r1 \|\| =8.5_p1-r2 \|\| =8.6_p1-r0 \|\| =8.6_p1-r1 \|\| =8.6_p1-r2 \|\| =8.6_p1-r3 \|\| =8.6_p1-r4 \|\| =8.8_p1-r0 \|\| =8.8_p1-r1 \|\| =8.8_p1-r2 \|\| =8.8_p1-r3 \|\| =8.8_p1-r4 \|\| =8.9_p1-r0 \|\| =9.0_p1-r0 \|\| =9.0_p1-r1 \|\| =9.0_p1-r2 \|\| =9.0_p1-r3 \|\| =9.0_p1-r4 \|\| =9.1_p1-r0 \|\| =9.1_p1-r1 \|\| =9.2_p1-r0 \|\| =9.2_p1-r1 \|\| =9.2_p1-r2 \|\| =9.2_p1-r3 \|\| =9.2_p1-r4 \|\| =9.3_p1-r0 \|\| =9.3_p1-r1 \|\| =9.3_p1-r2 \|\| =9.3_p1-r3 \|\| =9.3_p1-r4 \|\| =9.3_p1-r5 \|\| =9.3_p1-r6 \|\| =9.3_p1-r7 \|\| =9.3_p2-r0 \|\| =9.3_p2-r1 \|\| =9.3_p2-r2 \|\| =9.4_p1-r0 \|\| =9.5_p1-r0 \|\| =9.6_p1-r0 \|\| =9.7_p1-r0 \|\| =9.7_p1-r1 \|\| =9.7_p1-r2 \|\| =9.7_p1-r3 \|\| =9.8_p1-r0 \|\| =9.8_p1-r1 \|\| =9.9_p1-r0 \|\| =9.9_p1-r1 \|\| =9.9_p1-r2 \|\| =9.9_p2-r0 \|\| >=0 <10.1_p1-r0	10.1_p1-r0
alpine v3.22	openssh	=10.0_p1-r0 \|\| =10.0_p1-r1 \|\| =10.0_p1-r2 \|\| =10.0_p1-r3 \|\| =10.0_p1-r4 \|\| =10.0_p1-r5 \|\| =10.0_p1-r6 \|\| =10.0_p1-r7 \|\| =10.0_p1-r8 \|\| =10.0_p1-r9 \|\| =5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.9_p1-r0 \|\| =6.9_p1-r1 \|\| =6.9_p1-r2 \|\| =6.9_p1-r3 \|\| =6.9_p1-r4 \|\| =6.9_p1-r5 \|\| =7.1_p1-r0 \|\| =7.1_p1-r1 \|\| =7.1_p2-r0 \|\| =7.2_p1-r0 \|\| =7.2_p2-r0 \|\| =7.2_p2-r1 \|\| =7.3_p1-r0 \|\| =7.3_p1-r1 \|\| =7.3_p1-r2 \|\| =7.4_p1-r0 \|\| =7.4_p1-r1 \|\| =7.4_p1-r2 \|\| =7.5_p1-r0 \|\| =7.5_p1-r1 \|\| =7.5_p1-r2 \|\| =7.5_p1-r3 \|\| =7.5_p1-r4 \|\| =7.5_p1-r5 \|\| =7.5_p1-r6 \|\| =7.5_p1-r7 \|\| =7.5_p1-r8 \|\| =7.6_p1-r0 \|\| =7.6_p1-r1 \|\| =7.7_p1-r0 \|\| =7.7_p1-r1 \|\| =7.7_p1-r2 \|\| =7.7_p1-r3 \|\| =7.7_p1-r4 \|\| =7.8_p1-r0 \|\| =7.9_p1-r0 \|\| =7.9_p1-r1 \|\| =7.9_p1-r2 \|\| =7.9_p1-r3 \|\| =7.9_p1-r4 \|\| =7.9_p1-r5 \|\| =8.0_p1-r0 \|\| =8.0_p1-r1 \|\| =8.0_p1-r2 \|\| =8.1_p1-r0 \|\| =8.2_p1-r0 \|\| =8.3_p1-r0 \|\| =8.4_p1-r0 \|\| =8.4_p1-r1 \|\| =8.4_p1-r2 \|\| =8.4_p1-r3 \|\| =8.5_p1-r0 \|\| =8.5_p1-r1 \|\| =8.5_p1-r2 \|\| =8.6_p1-r0 \|\| =8.6_p1-r1 \|\| =8.6_p1-r2 \|\| =8.6_p1-r3 \|\| =8.6_p1-r4 \|\| =8.8_p1-r0 \|\| =8.8_p1-r1 \|\| =8.8_p1-r2 \|\| =8.8_p1-r3 \|\| =8.8_p1-r4 \|\| =8.9_p1-r0 \|\| =9.0_p1-r0 \|\| =9.0_p1-r1 \|\| =9.0_p1-r2 \|\| =9.0_p1-r3 \|\| =9.0_p1-r4 \|\| =9.1_p1-r0 \|\| =9.1_p1-r1 \|\| =9.2_p1-r0 \|\| =9.2_p1-r1 \|\| =9.2_p1-r2 \|\| =9.2_p1-r3 \|\| =9.2_p1-r4 \|\| =9.3_p1-r0 \|\| =9.3_p1-r1 \|\| =9.3_p1-r2 \|\| =9.3_p1-r3 \|\| =9.3_p1-r4 \|\| =9.3_p1-r5 \|\| =9.3_p1-r6 \|\| =9.3_p1-r7 \|\| =9.3_p2-r0 \|\| =9.3_p2-r1 \|\| =9.3_p2-r2 \|\| =9.4_p1-r0 \|\| =9.5_p1-r0 \|\| =9.6_p1-r0 \|\| =9.7_p1-r0 \|\| =9.7_p1-r1 \|\| =9.7_p1-r2 \|\| =9.7_p1-r3 \|\| =9.8_p1-r0 \|\| =9.8_p1-r1 \|\| =9.9_p1-r0 \|\| =9.9_p1-r1 \|\| =9.9_p1-r2 \|\| =9.9_p2-r0 \|\| >=0 <10.0_p1-r10	10.0_p1-r10
rpm rhel9.6	openssh	<0:8.7p1-45.el9_6.1	0:8.7p1-45.el9_6.1
rpm rhel8	openssh	<0:8.0p1-27.el8_10	0:8.0p1-27.el8_10
rpm rhel10	openssh	<0:9.9p1-12.el10_1	0:9.9p1-12.el10_1
rpm rhel10.0	openssh	<0:9.9p1-7.el10_0.1	0:9.9p1-7.el10_0.1

1-10 of 14

Aliases

1. CVE-2025-619842. NVD-2025-619843. OSV-DEBIAN-2025-619844. OSV-2025-619845. OSV-ALPINE-2025-619846. SECURITY-TRACKER-CVE-2025-619847. SECURITY-CVE-2025-61984

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.