crouchr / learnage


CVE-2014-1692 (High) detected in opensshV_5_3_P1, thinstationthinstation_src-2.3b3 - autoclosed #106

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2014-1692 - High Severity Vulnerability

Vulnerable Libraries - opensshV_5_3_P1, thinstationthinstation_src-2.3b3

Vulnerability Details

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

Publish Date: 2014-01-29

URL: CVE-2014-1692

CVSS 3 Score Details (8.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: http://xforce.iss.net/xforce/xfdb/90819

Release Date: 2017-12-31

Fix Resolution: Refer to OpenSSH Web site for patch, upgrade or suggested workaround information. See References. For IBM products: Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References. For other distributions: Apply the appropriate update for your system.



mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.