CVE-2015-3146

Published: 5 May 2015

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
libssh Launchpad, Ubuntu, Debian	precise	Released (0.5.2-1ubuntu0.12.04.6)
	trusty	Does not exist (trusty was released [0.6.1-0ubuntu3.3])
	upstream	Released (0.6.5)
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Released (0.6.3-3ubuntu3.2)
	Patches: upstream: https://www.libssh.org/security/patches/CVE-2015-3146-libssh-0.5.5.patch

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3146
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
https://ubuntu.com/security/notices/USN-2912-1
NVD
Launchpad
Debian

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784404

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›