Fluid Attacks Database

Description

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libssh2	>=0 <1.5.0-2.1	1.5.0-2.1
debian 14	libssh2	>=0 <1.5.0-2.1	1.5.0-2.1
alpine v3.4	libssh2	=1.2.8-r0 \|\| =1.2.9-r0 \|\| =1.3.0-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.3-r0 \|\| =1.5.0-r0 \|\| =1.6.0-r0 \|\| >=0 <1.7.0-r0	1.7.0-r0
debian 11	libssh2	>=0 <1.5.0-2.1	1.5.0-2.1
nuget	libssh2-vc141_xp	>=0 <=1.6.0	1.8.2
debian 12	libssh2	>=0 <1.5.0-2.1	1.5.0-2.1
rpm rhel7	libssh2	<0:1.4.3-10.el7_2.1	0:1.4.3-10.el7_2.1
rpm rhel6	libssh2	<0:1.4.2-2.el6_7.1	0:1.4.2-2.el6_7.1

Aliases

1. CVE-2016-07872. NVD-2016-07873. OSV-DEBIAN-2016-07874. OSV-2016-07875. OSV-ALPINE-2016-07876. GCVE-2016-07877. SECURITY-TRACKER-CVE-2016-07878. SECURITY-CVE-2016-0787

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.