Closed mend-bolt-for-github[bot] closed 2 years ago
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.
CVE-2014-1692 - High Severity Vulnerability
Vulnerable Library - opensshV_6_4_P1
Library home page: https://github.com/TencentSwitchGroup/openssh.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branch: stable/2.1
Vulnerable Source Files (2)
/crypto/openssh/schnorr.c /crypto/openssh/schnorr.c
Vulnerability Details
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Publish Date: 2014-01-29
URL: CVE-2014-1692
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix
Type: Upgrade version
Origin: http://xforce.iss.net/xforce/xfdb/90819
Release Date: 2017-12-31
Fix Resolution: Refer to OpenSSH Web site for patch, upgrade or suggested workaround information. See References. For IBM products: Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References. For other distributions: Apply the appropriate update for your system.