Libssh
CVE-2018-10933
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
AnalysisAI
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-592. A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Affected products include: Libssh, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux, Netapp Oncommand Unified Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly
Cryptographic key derivation failure in libssh versions prior to 0.11.2 (when built against OpenSSL older than 3.0) can
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. Rated high severi
CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not proper
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in cha
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-he
Same weakness CWE-592 – DEPRECATED: Authentication Bypass Issues
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today