FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
|57b1ee25-1a7c-11ec-9376-0800272221cc||libssh -- possible heap-buffer overflow vulnerability|
libssh security advisories:
The SSH protocol keeps track of two shared secrets during the lifetime
of the session. One of them is called `secret_hash` and the other
`session_id`. Initially, both of them are the same, but after key
re-exchange, previous `session_id` is kept and used as an input to new
Historically, both of these buffers had shared length variable, which
worked as long as these buffers were same. But the key re-exchange
operation can also change the key exchange method, which can be based on
hash of different size, eventually creating `secret_hash` of different
size than the `session_id` has.
This becomes an issue when the `session_id` memory is zeroized or when
it is used again during second key re-exchange.
Affected versions: >= 0.9.1, <= 0.9.5
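The length mismatch the advisory describes, as an added C example (not libssh code and not part of the advisory). The names `kex_state`, `kex_update` and `rekey_overrun` are hypothetical, and the model keeps a separate length per buffer while reporting how far a single shared length would reach past the `session_id` allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified session state (not libssh's real structures). */
struct kex_state {
    unsigned char *session_id;  size_t session_id_len;   /* fixed after first kex */
    unsigned char *secret_hash; size_t secret_hash_len;  /* replaced on each rekey */
};

static void wipe(unsigned char *p, size_t n) {
    volatile unsigned char *v = p;           /* volatile keeps the zeroing in place */
    while (n--) *v++ = 0;
}

/* Store the hash of one (re-)key exchange; digest_len depends on the hash of
 * the negotiated method. Each buffer keeps its own length. */
int kex_update(struct kex_state *s, const unsigned char *digest, size_t digest_len) {
    unsigned char *h = malloc(digest_len);
    if (h == NULL) return -1;
    memcpy(h, digest, digest_len);
    wipe(s->secret_hash, s->secret_hash_len);
    free(s->secret_hash);
    s->secret_hash = h;
    s->secret_hash_len = digest_len;
    if (s->session_id == NULL) {             /* first exchange only */
        if ((s->session_id = malloc(digest_len)) == NULL) return -1;
        memcpy(s->session_id, digest, digest_len);
        s->session_id_len = digest_len;
    }
    return 0;
}

/* Bytes past the session_id allocation that one shared length (the pattern the
 * advisory describes) would cover after rekeying from first_len to second_len. */
size_t rekey_overrun(size_t first_len, size_t second_len) {
    unsigned char digest[64] = {0};          /* constructed sample digest */
    struct kex_state s = {0};
    size_t over = 0;
    if (first_len > sizeof digest || second_len > sizeof digest) return 0;
    int ok = kex_update(&s, digest, first_len) == 0 &&
             kex_update(&s, digest, second_len) == 0;
    if (ok && s.secret_hash_len > s.session_id_len)
        over = s.secret_hash_len - s.session_id_len;
    wipe(s.session_id, s.session_id_len);    /* each buffer wiped with its own length */
    wipe(s.secret_hash, s.secret_hash_len);
    free(s.session_id); free(s.secret_hash);
    return over;
}

int main(void) {
    printf("32 -> 64 byte hash: shared length overruns by %zu bytes\n", rekey_overrun(32, 64));
    return 0;
}
```

A rekey to a smaller hash gives no overrun, but a shared length would then zeroize only part of `session_id`.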