what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

CVE-2021-3634

Status Candidate

Overview

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.

Related Files

Gentoo Linux Security Advisory 202312-05
Posted Dec 22, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-5 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution. Versions greater than or equal to 0.10.5 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-3634, CVE-2023-1667, CVE-2023-2283
SHA-256 | afb44d6bcb45170dbbdafae00a799179936a89de10e52757ec95db57ded898b2
Red Hat Security Advisory 2022-6430-01
Posted Sep 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-40528, CVE-2022-1271, CVE-2022-1292, CVE-2022-1586, CVE-2022-1705, CVE-2022-1962, CVE-2022-2068, CVE-2022-2097, CVE-2022-21698, CVE-2022-24675, CVE-2022-2526, CVE-2022-25313, CVE-2022-25314
SHA-256 | 4f2de101a63895ce93b93d579c8522dbea6333fada1258ba314335efd601e058
Red Hat Security Advisory 2022-6290-01
Posted Sep 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-40528, CVE-2022-1271, CVE-2022-1292, CVE-2022-1586, CVE-2022-2068, CVE-2022-2097, CVE-2022-21698, CVE-2022-24675, CVE-2022-25313, CVE-2022-25314, CVE-2022-26691, CVE-2022-28327, CVE-2022-29154
SHA-256 | 443a0aac6af9d5fe21a01d1493535af36861fdd77dc1fd48c74332d392859668
Red Hat Security Advisory 2022-5699-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5699-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 has been released to address a moderate security impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-40528, CVE-2022-1271, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-29526, CVE-2022-29824
SHA-256 | 266833afa7b849db849282af299ee898fd202a5e68f531401183e92132ec0939
Red Hat Security Advisory 2022-5525-01
Posted Jul 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5525-01 - An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.7+. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-38561, CVE-2022-1271
SHA-256 | 34b7698decafa254a1312bae65f4fbdfbc59562f1b7388ca21965ca313affc3e
Red Hat Security Advisory 2022-5673-01
Posted Jul 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-3634, CVE-2021-3737, CVE-2021-40528, CVE-2021-41103, CVE-2021-4189, CVE-2021-43565, CVE-2022-1271, CVE-2022-1621, CVE-2022-1629, CVE-2022-22576, CVE-2022-25313, CVE-2022-25314, CVE-2022-26945, CVE-2022-27774
SHA-256 | e6a4b0b59b2757ea6ef380429f73c2819e182dbd4e1d06bf09b8c22eac8f952b
Red Hat Security Advisory 2022-5483-01
Posted Jul 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-35492, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634
SHA-256 | ce70c2647076c3e2e1ce8691bcc4d5a053b71f02fc338cb8e6f439843c00f8bc
Red Hat Security Advisory 2022-5392-01
Posted Jun 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-27820, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-25219, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669
SHA-256 | 91ea6d7e287cf68f884e0838fff02b750c8ceaf606330ce2c7b1403d1eb46d64
Red Hat Security Advisory 2022-5201-01
Posted Jun 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5201-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which apply security fixes and fix several bugs. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-25219, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634
SHA-256 | 0ed89745dca96ce3d4084d2ff69e0833e3f3df669d2223a3ae686ad91ed7ff0b
Red Hat Security Advisory 2022-5188-01
Posted Jun 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5188-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23222, CVE-2021-25219, CVE-2021-3634, CVE-2021-3672, CVE-2021-3737, CVE-2021-4189, CVE-2022-1154, CVE-2022-1271, CVE-2022-1902
SHA-256 | de99e1a865995c3cb23cb50bcf37b75b678a3a66147e77f88143a4717bf81758
Red Hat Security Advisory 2022-5132-01
Posted Jun 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23177, CVE-2021-23222, CVE-2021-25219, CVE-2021-31566, CVE-2021-3634, CVE-2021-3672, CVE-2021-3737, CVE-2021-4189, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-1902, CVE-2022-24407
SHA-256 | bfca0ba942391c6a43c9f8d48bf4d26fb94e10f853c2bf23fb873d2cf0db5c07
Red Hat Security Advisory 2022-5006-01
Posted Jun 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-25219, CVE-2021-3634, CVE-2021-3737, CVE-2021-38185, CVE-2021-3981, CVE-2021-4189, CVE-2021-43813, CVE-2022-1154, CVE-2022-1271, CVE-2022-1650, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24785, CVE-2022-28327, CVE-2022-29224, CVE-2022-29225, CVE-2022-29226, CVE-2022-29228, CVE-2022-31045
SHA-256 | 6f6ba67471416e8a7e06343894cacbc3dcadc86799322067063a37ae1ba3d122
Red Hat Security Advisory 2022-4985-01
Posted Jun 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4985-01 - New Cryostat 2.1.1 on RHEL 8 container images have been released, containing bug fixes and addressing security vulnerabilities. Issues addressed include a deserialization vulnerability.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-4189, CVE-2022-25647, CVE-2022-28948
SHA-256 | 29ff927b4e6efd73257365583c3736b94f307003c4ae5533fe580bcab4812753
Red Hat Security Advisory 2022-4956-01
Posted Jun 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669, CVE-2021-37159, CVE-2021-3737, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-3918, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-41190, CVE-2021-4157
SHA-256 | 878315e02041e8cdde9d1b5e67ed064f3cf0e6605b2eb860d63e94f3d703f519
Red Hat Security Advisory 2022-4671-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4671-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 1a7182c8803733e24a2f52a38dc6173bf272d5ad45772e1226fe7c4a018efefe
Red Hat Security Advisory 2022-4880-01
Posted Jun 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4880-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23222, CVE-2021-23820, CVE-2021-25219, CVE-2021-3634, CVE-2021-3672, CVE-2021-3737, CVE-2021-41190, CVE-2021-4189, CVE-2022-1154, CVE-2022-1271
SHA-256 | c63643705f44dff2556cecc50e362faec1c7302c8cda104e2a0666de9f499543
Red Hat Security Advisory 2022-4863-01
Posted Jun 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-4189, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
SHA-256 | dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9c
Red Hat Security Advisory 2022-4814-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-35492, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669, CVE-2021-37159, CVE-2021-3737, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-3807, CVE-2021-39293, CVE-2021-4002
SHA-256 | de3fa8ee040cf6c28c1affa37a50086f48d77a4fce95eaf6d26445098ef47a20
Red Hat Security Advisory 2022-4690-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-25219, CVE-2021-3634, CVE-2021-3639, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-0778, CVE-2022-1154, CVE-2022-1271, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 3bfe6b3b087ca42a19201811078371538ab2936796ff2422443605c3aef038d7
Red Hat Security Advisory 2022-4692-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4692-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | ecf97b114c811de8b773415e31f85d2dbbd762da9a08556fc7bc868b0c83a9a5
Red Hat Security Advisory 2022-4691-01
Posted May 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4691-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 6fe762e2616c6dacdada61a5ff131f5097db13088eef51a3811f2266f29dfb07
Red Hat Security Advisory 2022-2031-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2031-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-3634
SHA-256 | 99f67d3e5873587a717a66b1ddacad59122c8692e3fefaf1169520a8c0bbacd6
Debian Security Advisory 4965-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4965-1 - It was discovered that a buffer overflow in rekeying in libssh could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2021-3634
SHA-256 | 51cf4039278881bec9f067e5cdcadada9c752de725e77c89140310d82ef1fcb8
Ubuntu Security Notice USN-5053-1
Posted Aug 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5053-1 - It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3634
SHA-256 | f3a279c38ed606749ddabedbd85154581e55cffe1b0adcb35cbdf2b297cc05de
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close