This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
libssh: Improper sanitation of paths received from SCP servers
Do not use SCP! SCP is deprecated for several years and will
be removed in future releases!
If you have to, the application MUST validate the path returned
from ssh_scp_request_get_filename() is the path the application
requested. The libssh does not do any writing in this case.
[Improper sanitation of paths received from SCP servers]
| Name | Vendor | Version |
|---|---|---|
| Libssh | Ubuntu/esm-infra/xenial | TBD |
| Libssh | Ubuntu/jammy | 0.9.6-2ubuntu0.22.04.6 |
| Libssh | Ubuntu/noble | 0.10.6-2ubuntu0.3 |
| Libssh | Ubuntu/questing | 0.11.2-1ubuntu0.2 |
| Libssh | Ubuntu/upstream | 0.11.4 |
| Libssh | Ubuntu/esm-infra/bionic | TBD |
| Libssh | Ubuntu/esm-infra/focal | TBD |