Closed mend-bolt-for-github[bot] closed 2 years ago
mend-bolt-for-github[bot]
commented
2 years ago :heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.
CVE-2014-1692 - High Severity Vulnerability
Library home page: https://github.com/TencentSwitchGroup/openssh.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branch: stable/2.1
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Publish Date: 2014-01-29
URL: CVE-2014-1692
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: http://xforce.iss.net/xforce/xfdb/90819
Release Date: 2017-12-31
Fix Resolution: Refer to OpenSSH Web site for patch, upgrade or suggested workaround information. See References. For IBM products: Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References. For other distributions: Apply the appropriate update for your system.
Step up your Open Source Security Game with Mend here