CVE-2016-0787

Published: 13 April 2016

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Notes

Author: seth-arnold
Note: Debian noted there may be discussion of incomplete fix

Priority

Medium

CVSS 3 base score: 5.9

Status

Package: libssh2

Release     Status
precise     Released (1.2.8-2ubuntu0.1)
trusty      Released (1.4.3-2ubuntu0.1)
upstream    Released (1.7.0)
wily        Ignored (reached end-of-life)
xenial      Released (1.5.0-2ubuntu0.1)
yakkety     Released (1.7.0-1ubuntu0.1)

Patches:
upstream: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
upstream: https://github.com/libssh2/libssh2/commit/7934c9ce2a029c43e3642a492d3b9e494d1542be