Nixpkgs security tracker
3.6 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Libssh: use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
References
Affected products
- <0.11.2
Matching in nixpkgs
pkgs.libssh
SSH client library
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
pkgs.haskellPackages.libssh
libssh bindings
pkgs.haskellPackages.libssh2
FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)
pkgs.haskellPackages.libssh2-conduit
Conduit wrappers for libssh2 FFI bindings (see libssh2 package)
pkgs.python311Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
Package maintainers
-
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@geluk Johan Geluk <johan+nix@geluk.io>