This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
libssh: Buffer underflow in ssh_get_hexa() on invalid input
To mitigate this issue, consider disabling GSSAPI authentication if it is not required, or reduce the LogLevel in the sshd_config file to a value lower than SSH_LOG_PACKET (e.g., INFO).
To disable GSSAPI authentication, add or modify the following line in /etc/ssh/sshd_config:
GSSAPIAuthentication no
To reduce logging verbosity, add or modify the following line in /etc/ssh/sshd_config:
LogLevel INFO
After making changes to sshd_config, the sshd service must be restarted for the changes to take effect. This may temporarily interrupt active SSH sessions.
[Buffer underflow in ssh_get_hexa() on invalid input]
| Name | Vendor | Version |
|---|---|---|
| Libssh | Ubuntu/noble | 0.10.6-2ubuntu0.3 |
| Libssh | Ubuntu/questing | 0.11.2-1ubuntu0.2 |
| Libssh | Ubuntu/upstream | 0.11.4 |
| Libssh | Ubuntu/esm-infra/bionic | TBD |
| Libssh | Ubuntu/esm-infra/focal | TBD |
| Libssh | Ubuntu/esm-infra/xenial | TBD |
| Libssh | Ubuntu/jammy | 0.9.6-2ubuntu0.22.04.6 |