« List of all CVEs

CVE-2016-0739

Published: 4/13/2016 Last updated: 8/5/2024 Reserved: 12/16/2015

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

libssh

Products affected (1)

Product Vendor Version
n/a n/a n/a

References (20)