Fluid Attacks Database

Description

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libssh	>=0 <0.10.5-1	0.10.5-1
debian 11	libssh	=0.9.5-1 \|\| =0.9.5-1+deb11u1 \|\| =0.9.6-1 \|\| =0.9.6-2 \|\| >=0 <0.9.7-0+deb11u1	0.9.7-0+deb11u1
debian 12	libssh	>=0 <0.10.5-1	0.10.5-1
debian 13	libssh	>=0 <0.10.5-1	0.10.5-1
rpm rhel8	libssh	<0:0.9.6-10.el8_8	0:0.9.6-10.el8_8
rpm rhel7	libssh	-	-
rpm rhel8.6	libssh	<0:0.9.6-4.el8_6	0:0.9.6-4.el8_6
rpm rhel9	libssh	<0:0.10.4-11.el9	0:0.10.4-11.el9

Aliases

1. CVE-2023-16672. NVD-2023-16673. OSV-DEBIAN-2023-16674. OSV-2023-16675. SECURITY-TRACKER-CVE-2023-1667

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.