Remote Code Execution (RCE) Affecting openssh package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
7.03% (94th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-OPENSSH-10078657
  • published8 May 2025
  • disclosed22 Aug 2001
  • creditUnknown

Introduced: 22 Aug 2001

CVE-2001-0572  (opens in a new tab)
CWE-94  (opens in a new tab)

How to fix?

There is no fixed version for openssh.

Overview

Affected versions of this package are vulnerable to Remote Code Execution (RCE). The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

CVSS Base Scores

version 3.1