Your submission was sent successfully! Close

CVE-2018-10933

Published: 16 October 2018

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
libssh
Launchpad, Ubuntu, Debian
bionic
Released (0.8.0~20170825.94fa1e38-1ubuntu0.1)
cosmic
Released (0.8.1-1ubuntu0.1)
precise Does not exist

trusty Does not exist
(trusty was released [0.6.1-0ubuntu3.4])
upstream Needs triage

xenial
Released (0.6.3-4.3ubuntu0.1)