Homepage

openssh-portable vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the https://openssh.com|openssh-portable package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Expected Behavior Violation

[,10.0p1)
  • H
Allocation of Resources Without Limits or Throttling

[,9.9p2)
  • H
Detection of Error Condition Without Action

[,9.9p2)
  • H
Observable Timing Discrepancy

[9.5,9.8p1)
  • C
Race Condition

[8.5p1,9.8p1)
  • H
Improper Isolation or Compartmentalization

[0,)
  • M
OS Command Injection

[,9.6-p1)
  • M
Missing Critical Step in Authentication

[,9.6)
  • M
Authentication Bypass by Capture-replay

[,9.6)
  • H
Arbitrary Code Injection

[,9.3.P2)
  • M
Allocation of Resources Without Limits or Throttling

[,9.3)
  • M
Double Free

[,9.1.p1)
  • M
Information Exposure

[0,)
  • H
CVE-2001-0872

[,3.0.2)
  • C
Buffer Overflow

[1.2.2,2.2]
  • H
Access Restriction Bypass

[,2.9.9)[3.2.0,3.2.1)
  • M
CVE-2001-1382

[,1.2.2)
  • H
Access Restriction Bypass

[,3.0)
  • C
Access Restriction Bypass

[0,3.7.1p2)
  • M
Directory Traversal

[0,1.2.1)[1.2.2,2.1.0)
  • M
Information Exposure

[0,)
  • M
Access Restriction Bypass

[,4.7)
  • M
Directory Traversal

[,8.0)
  • H
Out-of-Bounds

[,7.4)
  • L
Improper Input Validation

[,7.0)
  • H
NULL Pointer Dereference

[,7.4)
  • M
Denial of Service (DoS)

[,4.5]
  • L
Information Exposure

[,5.1)
  • H
Race Condition

[2.9p1,3.6.1]
  • H
Out-of-Bounds

[0,7.1p2)
  • M
Information Exposure

[,5.9)
  • M
Denial of Service (DoS)

[,6.2)
  • M
Information Exposure

[3.0p1,3.9.1]
  • H
Cross-site Scripting (XSS)

[4.3,4.8]
  • M
CVE-2005-2797

[,4.0]
  • C
Denial of Service (DoS)

[2.9p1,3.0.1]
  • H
Access Restriction Bypass

[,4.5)
  • M
Resource Management Errors

[,5.9)
  • C
CVE-2000-0999

[,4.5]
  • M
Inappropriate Encoding for Output Context

[,8.0)
  • H
Access Restriction Bypass

[,7.3)
  • M
Information Exposure

[5.9,)
  • M
Improper Privilege Management

[0,7.6)
  • M
Access Restriction Bypass

[0,6.4)
  • M
Arbitrary Code Execution

[,4.5]
  • H
Access Restriction Bypass

[2.1,2.9]
  • H
Out-of-Bounds

[,6.5)
  • M
Cross-site Scripting (XSS)

[3.5p1,3.5]
  • H
Improper Authentication

[,5.7)
  • H
Resource Management Errors

[0,openssh-4.3p2-4.10)
  • M
Cryptographic Issues

[1.2.3,2.1.1]
  • M
Improper Authentication

[2.9p1,4.6]
  • M
Access Restriction Bypass

[,4.0]
  • L
Insufficiently Protected Credentials

[0,RHSA-2007-0257)
  • L
Denial of Service (DoS)

[,5.9)
  • H
Untrusted Search Path

[,7.4)
  • M
Cross-site Scripting (XSS)

[,8.0)
  • H
Buffer Overflow

[,3.8)
  • C
Security Features

[,7.2)
  • M
CRLF Injection

[,7.3)
  • M
Directory Traversal

[,3.4p1)
  • H
Access Restriction Bypass

[,3.0.1)
  • M
Out-of-Bounds

[0,7.1p2)
  • M
Information Exposure

[0,7.1p2)
  • M
User Enumeration

[5.7,8.4)
  • H
Double Free

[8.2,8.5)
  • H
Resource Management Errors

[6.8,7.3]
  • M
Arbitrary Code Execution

[3.0p1,3.9.1]
  • L
Information Exposure

[,4.1]
  • H
Access Restriction Bypass

[0,3.7)
  • M
Information Exposure

[,7.3)
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

[0,3.7.1p2)
  • H
Out-of-bounds Write

[7.7,8.1)
  • M
Incorrect Authorization

[,8.0)
  • M
Access Restriction Bypass

[,6.6)
  • L
Insufficiently Protected Credentials

[,5.7)
  • H
Access Restriction Bypass

[,7.0)
  • M
Access Restriction Bypass

[0,4.3p1)
  • H
Access Restriction Bypass

[,7.4)
  • H
CVE-2001-0529

[,2.9.9)
  • M
Access Restriction Bypass

[,4.0)
  • H
Improper Input Validation

[0,)
  • H
Remote Code Execution (RCE)

[,4.5]
  • H
Access Restriction Bypass

[0,7.0)
  • H
Access Restriction Bypass

[,3.0)
  • H
Improper Input Validation

[0,)
  • H
Privilege Escalation

[6.2,8.8)
  • M
Access Restriction Bypass

[4.4p1,4.8]
  • H
Information Exposure

[,3.2.2]
  • H
Improper Input Validation

[,4.7)
  • H
Access Restriction Bypass

[,7.0)
  • H
Improper Input Validation

[,7.3)
  • M
Race Condition

[,7.8)
  • M
Access Restriction Bypass

[,6.9)
  • M
Key Management Errors

[,7.4)
  • M
Improper Input Validation

[,6.7)
  • C
Denial of Service (DoS)

[,3.7.1)
  • H
Denial of Service (DoS)

[,3.7.1p1)
  • H
Command Injection

[,8.3)
  • M
Access Restriction Bypass

[5.6,5.7]
  • C
Arbitrary Code Execution

[2.9p1,3.3]
  • C
Arbitrary Code Execution

[2.9p1,3.3]
  • C
CVE-2000-0525

[1.2,2.1]
  • H
Race Condition

[0,4.4)