Homepage

openssh-portable vulnerabilities

Licenses: BSD-2-Clause-NetBSD | MIT | ISC | BSD-2-Clause | GPL-1.0 | snprintf | SSH-OpenSSH | X11-distribute-modifications-variant | BSD-3-Clause | Unknown | Public-Domain | BSD-4-Clause-UC | GPL-2.0 | X11 | Beerware | BSD-4-Clause | SSH-short

License

BSD-2-Clause-NetBSD
MIT
ISC
BSD-2-Clause
GPL-1.0
snprintf
SSH-OpenSSH
X11-distribute-modifications-variant
BSD-3-Clause
Unknown
Public-Domain
BSD-4-Clause-UC
GPL-2.0
X11
Beerware
BSD-4-Clause
SSH-short
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the https://openssh.com|openssh-portable package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Improper Neutralization of Null Byte or NUL Character

[,10.1-p1)
  • L
Improper Handling of Invalid Use of Special Elements

[,10.1-p1)
  • M
Expected Behavior Violation

[,10.0p1)
  • H
Allocation of Resources Without Limits or Throttling

[,9.9p2)
  • H
Detection of Error Condition Without Action

[,9.9p2)
  • H
Observable Timing Discrepancy

[9.5,9.8p1)
  • C
Race Condition

[8.5p1,9.8p1)
  • H
Improper Isolation or Compartmentalization

[0,)
  • M
OS Command Injection

[,9.6-p1)
  • M
Missing Critical Step in Authentication

[,9.6)
  • M
Authentication Bypass by Capture-replay

[,9.6)
  • H
Arbitrary Code Injection

[,9.3.P2)
  • M
Allocation of Resources Without Limits or Throttling

[,9.3)
  • M
Double Free

[,9.1.p1)
  • M
Information Exposure

[0,)
  • H
CVE-2001-0872

[,3.0.2)
  • C
Buffer Overflow

[1.2.2,2.2]
  • H
Access Restriction Bypass

[,2.9.9)[3.2.0,3.2.1)
  • M
CVE-2001-1382

[,1.2.2)
  • H
Access Restriction Bypass

[,3.0)
  • H
Out-of-Bounds

[,7.4)
  • L
Improper Input Validation

[,7.0)
  • M
Access Restriction Bypass

[,4.7)
  • M
Directory Traversal

[,8.0)
  • M
Directory Traversal

[0,1.2.1)[1.2.2,2.1.0)
  • M
Information Exposure

[0,)
  • C
Access Restriction Bypass

[0,3.7.1p2)
  • H
NULL Pointer Dereference

[,7.4)
  • M
Denial of Service (DoS)

[,4.5]
  • L
Information Exposure

[,5.1)
  • H
Race Condition

[2.9p1,3.6.1]
  • H
Out-of-Bounds

[0,7.1p2)
  • M
Information Exposure

[,5.9)
  • M
Denial of Service (DoS)

[,6.2)
  • M
Information Exposure

[3.0p1,3.9.1]
  • H
Cross-site Scripting (XSS)

[4.3,4.8]
  • M
CVE-2005-2797

[,4.0]
  • C
Denial of Service (DoS)

[2.9p1,3.0.1]
  • H
Access Restriction Bypass

[,4.5)
  • M
Resource Management Errors

[,5.9)
  • C
CVE-2000-0999

[,4.5]
  • M
Information Exposure

[5.9,)
  • M
Inappropriate Encoding for Output Context

[,8.0)
  • H
Access Restriction Bypass

[,7.3)
  • M
Improper Privilege Management

[0,7.6)
  • M
Access Restriction Bypass

[0,6.4)
  • M
Arbitrary Code Execution

[,4.5]
  • H
Access Restriction Bypass

[2.1,2.9]
  • H
Out-of-Bounds

[,6.5)
  • M
Observable Timing Discrepancy

[,3.9p1)
  • H
Improper Authentication

[,5.7)
  • H
Resource Management Errors

[0,openssh-4.3p2-4.10)
  • M
Cryptographic Issues

[1.2.3,2.1.1]
  • M
Improper Authentication

[2.9p1,4.6]
  • M
Access Restriction Bypass

[,4.0]
  • L
Insufficiently Protected Credentials

[0,RHSA-2007-0257)
  • C
Security Features

[,7.2)
  • H
Buffer Overflow

[,3.8)
  • L
Denial of Service (DoS)

[,5.9)
  • M
Cross-site Scripting (XSS)

[,8.0)
  • H
Untrusted Search Path

[,7.4)
  • M
CRLF Injection

[,7.3)
  • M
Directory Traversal

[,3.4p1)
  • H
Access Restriction Bypass

[,3.0.1)
  • M
Out-of-Bounds

[0,7.1p2)
  • M
Information Exposure

[0,7.1p2)
  • M
User Enumeration

[5.7,8.4)
  • H
Double Free

[8.2,8.5)
  • H
Resource Management Errors

[6.8,7.4-P1)
  • M
Arbitrary Code Execution

[3.0-P1,4.3-P1)
  • L
Information Exposure

[,4.1]
  • L
Insufficiently Protected Credentials

[,5.7)
  • H
Out-of-bounds Write

[7.7,8.1)
  • H
Access Restriction Bypass

[0,3.7)
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

[0,3.7.1p2)
  • M
Information Exposure

[,7.3)
  • H
Access Restriction Bypass

[,7.4)
  • M
Access Restriction Bypass

[0,4.3p1)
  • M
Incorrect Authorization

[,8.0)
  • M
Access Restriction Bypass

[,6.6)
  • H
Access Restriction Bypass

[,7.0)
  • H
CVE-2001-0529

[,2.9.9)
  • M
Access Restriction Bypass

[,4.0)
  • H
Improper Input Validation

[0,)
  • H
Remote Code Execution (RCE)

[,4.5]
  • H
Access Restriction Bypass

[0,7.0)
  • H
Access Restriction Bypass

[,3.0)
  • H
Improper Input Validation

[0,)
  • H
Privilege Escalation

[6.2,8.8)
  • M
Access Restriction Bypass

[4.4p1,4.8]
  • H
Information Exposure

[,3.2.2]
  • H
Access Restriction Bypass

[,7.0)
  • M
Improper Input Validation

[,6.7)
  • H
Improper Input Validation

[,7.3)
  • H
Improper Input Validation

[,4.7)
  • M
Race Condition

[,7.8)
  • C
Denial of Service (DoS)

[,3.7.1)
  • H
Denial of Service (DoS)

[,3.7.1p1)
  • M
Key Management Errors

[,7.4)
  • M
Access Restriction Bypass

[,6.9)
  • H
Command Injection

[,8.3)
  • M
Access Restriction Bypass

[5.6,5.7]
  • C
Arbitrary Code Execution

[2.9p1,3.3]
  • C
Arbitrary Code Execution

[2.9p1,3.3]
  • C
CVE-2000-0525

[1.2,2.1]
  • H
Race Condition

[0,4.4)