The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Fix Resolution: Refer to OpenSSH Web site for patch, upgrade or suggested workaround information. See References.
For IBM products:
Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system.
Step up your Open Source Security Game with Mend here
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2014-1692 - High Severity Vulnerability
Vulnerable Libraries - opensshV_5_3_P1, thinstationthinstation_src-2.3b3
Vulnerability Details
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Publish Date: 2014-01-29
URL: CVE-2014-1692
CVSS 3 Score Details (8.1)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: http://xforce.iss.net/xforce/xfdb/90819
Release Date: 2017-12-31
Fix Resolution: Refer to OpenSSH Web site for patch, upgrade or suggested workaround information. See References. For IBM products: Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References. For other distributions: Apply the appropriate update for your system.
Step up your Open Source Security Game with Mend here