Vulnerability Details : CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-3634
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Threat overview for CVE-2021-3634
Top countries where our scanners detected CVE-2021-3634
Top open port discovered on systems with this issue
53
IPs affected by CVE-2021-3634 58,912
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2021-3634!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2021-3634
0.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3634
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2021-3634
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2021-3634
-
https://security.netapp.com/advisory/ntap-20211004-0003/
CVE-2021-3634 libssh Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
[SECURITY] Fedora 34 Update: libssh-0.9.6-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4965
Debian -- Security Information -- DSA-4965-1 libsshThird Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
[SECURITY] Fedora 33 Update: libssh-0.9.6-1.fc33 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
[SECURITY] Fedora 34 Update: libssh-0.9.6-1.fc34 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
[SECURITY] Fedora 35 Update: libssh-0.9.6-1.fc35 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
[SECURITY] Fedora 35 Update: libssh-0.9.6-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1978810
1978810 – (CVE-2021-3634) CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeyingIssue Tracking;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
[SECURITY] Fedora 33 Update: libssh-0.9.6-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202312-05
libssh: Multiple Vulnerabilities (GLSA 202312-05) — Gentoo security
Jump to