Nixpkgs security tracker
4.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
References
Affected products
Matching in nixpkgs
pkgs.openssh
Implementation of the SSH protocol
pkgs.opensshTest
Implementation of the SSH protocol
pkgs.openssh_hpn
Implementation of the SSH protocol with high performance networking patches
pkgs.openssh_gssapi
Implementation of the SSH protocol with GSSAPI support
pkgs.openssh-askpass
A passphrase dialog for OpenSSH and GTK
pkgs.opensshWithKerberos
Implementation of the SSH protocol
pkgs.openssh_hpnWithKerberos
Implementation of the SSH protocol with high performance networking patches
pkgs.perlPackages.NetOpenSSH
Perl SSH client package implemented on top of OpenSSH
pkgs.perl5Packages.NetOpenSSH
Perl SSH client package implemented on top of OpenSSH
pkgs.lxqt.lxqt-openssh-askpass
GUI to query passwords on behalf of SSH agents
pkgs.perl538Packages.NetOpenSSH
None
pkgs.perl540Packages.NetOpenSSH
None
Package maintainers
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>
-
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
-
@infinisil Silvan Mosberger <contact@infinisil.com>
-
@dasJ Janne Heß <janne@hess.ooo>
-
@philiptaron Philip Taron <philip.taron@gmail.com>
-
@andir Andreas Rammhold <andreas@rammhold.de>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@pyrox0 Pyrox <pyrox@pyrox.dev>
-
@wahjava Ashish SHUKLA <ashish.is@lostca.se>
-
@n3tshift n3tshift <n3tshift@tilde.pink>