Openbsd

Openssh

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 38.47%
  • Veröffentlicht 28.02.2025 22:15:40
  • Zuletzt bearbeitet 30.06.2026 01:16:23

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious cli...

Medienbericht
  • EPSS 7%
  • Veröffentlicht 18.02.2025 19:15:29
  • Zuletzt bearbeitet 12.05.2026 13:16:40

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in spec...

  • EPSS 27.94%
  • Veröffentlicht 08.07.2024 18:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handl...

  • EPSS 1.63%
  • Veröffentlicht 02.07.2024 18:15:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

Medienbericht Exploit
  • EPSS 99.51%
  • Veröffentlicht 01.07.2024 13:15:06
  • Zuletzt bearbeitet 12.05.2026 12:17:20

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to aut...

  • EPSS 0.66%
  • Veröffentlicht 24.12.2023 07:15:07
  • Zuletzt bearbeitet 02.06.2026 16:16:28

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable ...

  • EPSS 0.43%
  • Veröffentlicht 18.12.2023 19:15:08
  • Zuletzt bearbeitet 28.05.2026 20:16:22

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a...

  • EPSS 19.75%
  • Veröffentlicht 18.12.2023 19:15:08
  • Zuletzt bearbeitet 12.05.2026 12:16:15

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodul...

Medienbericht Exploit
  • EPSS 93.31%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 12.05.2026 11:16:15

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

Exploit
  • EPSS 76.77%
  • Veröffentlicht 20.07.2023 03:15:10
  • Zuletzt bearbeitet 21.11.2024 08:13:30

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading ...