Libssh · Libssh · CVE-2023-6918
**Name of the Vulnerable Software and Affected Versions**
libssh (affected versions not specified)
**Description**
A flaw was found in the libssh implementation of an abstract layer for message digest (MD) operations. The return values from these operations were not properly checked, which could cause low-memory situation failures, NULL dereferences, crashes, or usage of uninitialized memory as an input for the Key Derivation Function (KDF). This could result in decryption/integrity failures, terminating the connection. The issue may allow a remote attacker to cause a denial of service.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.