CVE-2018-10933

Summary

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]libssh0.7.6affected
[UNKNOWN]libssh0.8.4affected

Weaknesses

  • CWE-592: CWE-592

ADP Enrichment

CVE Program Container

Additional References

References