PT-2021-6160 · Libssh+8
Published 2021-08-26 · Updated 2024-06-15 · CVE-2021-3634
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libssh versions prior to 0.9.6
Description
A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session: the secret hash and the session id. Initially, both of them are the same, but after a key re-exchange, the previous session id is kept and used as an input to the new secret hash. Historically, both of these buffers had a shared length variable, which worked as long as the buffers were the same size. However, the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a secret hash whose size differs from that of the session id. This becomes an issue when the session id memory is zeroed or when it is used again during the second key re-exchange. The issue can lead to a buffer overflow, potentially allowing a remote attacker to cause a denial of service.
Recommendations
For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the key re-exchange operation until a patch is available. Avoid using the session id and secret hash variables in a way that could lead to a buffer overflow until the issue is resolved.
Fix
Buffer Overflow
Memory Corruption
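The length mismatch from the Description, as an added C example (not libssh's code and not part of the original advisory). It is a simplified model with hypothetical struct and function names and constructed hash sizes, and it computes how far a session id wipe would run out of bounds when one shared length is used versus a dedicated session id length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; struct and field names are hypothetical, not libssh's. */
struct kex_state {
    unsigned char *session_id;  /* set once, at the first key exchange */
    size_t session_id_len;      /* hardened form: its own length */
    unsigned char *secret_hash; /* replaced by every key exchange */
    size_t digest_len;          /* legacy form: one length for both buffers */
};

/* One key exchange whose hash function outputs hash_len bytes. */
static int do_kex(struct kex_state *s, size_t hash_len)
{
    unsigned char *h = calloc(1, hash_len);
    if (h == NULL) return -1;
    free(s->secret_hash);
    s->secret_hash = h;
    s->digest_len = hash_len;        /* follows the newest hash */
    if (s->session_id == NULL) {     /* first exchange: session id = secret hash */
        if ((s->session_id = malloc(hash_len)) == NULL) return -1;
        memcpy(s->session_id, h, hash_len);
        s->session_id_len = hash_len;
    }
    return 0;
}

/* Out-of-bounds byte count when the session id is wiped after a rekey.
 * shared_len=1 models the single shared length, 0 the dedicated one. */
size_t wipe_overrun(size_t first_hash, size_t rekey_hash, int shared_len)
{
    struct kex_state s = {0};
    size_t over = (size_t)-1;  /* returned on allocation failure */
    if (do_kex(&s, first_hash) == 0 && do_kex(&s, rekey_hash) == 0) {
        size_t wipe_len = shared_len ? s.digest_len : s.session_id_len;
        over = wipe_len > s.session_id_len ? wipe_len - s.session_id_len : 0;
        if (over == 0) memset(s.session_id, 0, wipe_len);  /* in bounds: wipe for real */
    }
    free(s.session_id);
    free(s.secret_hash);
    return over;
}

int main(void)
{
    printf("shared: %zu bytes out of bounds, dedicated: %zu\n", wipe_overrun(32, 64, 1), wipe_overrun(32, 64, 0));
    return 0;
}
```

The out-of-bounds wipe is only computed, never performed, so the program is safe to run under a sanitizer.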
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libssh