An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a Rogue Extension Negotiation.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Asyncssh | Asyncssh_project | * | 2.14.1 (excluding) |