Fluid Attacks Database

Description

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libssh	>=0 <0.6.3-4	0.6.3-4
debian 12	libssh	>=0 <0.6.3-4	0.6.3-4
debian 14	libssh	>=0 <0.6.3-4	0.6.3-4
debian 13	libssh	>=0 <0.6.3-4	0.6.3-4

Aliases

1. CVE-2014-81322. NVD-2014-81323. OSV-DEBIAN-2014-81324. OSV-2014-81325. SECURITY-TRACKER-CVE-2014-8132

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.