VDB
CVE-2021-3634
PUBLISHED
A vulnerability exists in libssh. The flaw is due to a heap buffer overflow that occurs when a rekey is requested with a key exchange algorithm that uses a digest of a different size. A remote authenticated attacker can exploit this vulnerability to bypass security measures.
EPSS 0.11% · 28.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell PowerProtect Data Domain | |
| Dell | Dell PowerProtect Data Domain OS | |
| Dell | Dell PowerProtect Data Domain <8.1.0.0 | |
| Dell | Dell PowerProtect Data Domain <7.10.1.40 | |
| Ubuntu | Ubuntu Linux | |
| Avaya | Avaya Aura Communication Manager | |
| Avaya | Avaya Aura Application Enablement Services | |
| Avaya | Avaya Aura Session Manager | |
| Debian | Debian Linux | |
| Avaya | Avaya Aura System Manager | |
| SUSE | SUSE Linux | |
| Avaya | Avaya Aura Experience Portal | |
| EMC | EMC Avamar | |
| Dell | Dell PowerProtect Data Domain <7.13.1.10 | |
| Dell | Dell PowerProtect Data Domain <7.7.5.50 | |
| Gentoo | Gentoo Linux | |
| Dell | Dell PowerProtect Data Domain Management Center | |
| Red Hat | Red Hat Enterprise Linux | |
| IBM | IBM QRadar SIEM 7.5 | |
| IBM | IBM QRadar SIEM 7.4 | |
…and 1 more
Timeline
- CVE Published
- Sep 1, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Oct 29, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 21, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0001.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0001 advisory
- https://www.libssh.org/security/advisories/CVE-2021-3634.txt advisory
- https://ubuntu.com/security/notices/USN-5053-1 advisory
- https://www.debian.org/security/2021/dsa-4965 advisory
- https://access.redhat.com/errata/RHSA-2022:4863 advisory
- https://access.redhat.com/errata/RHSA-2022:4880 advisory
- https://access.redhat.com/errata/RHSA-2022:4692 advisory
- https://access.redhat.com/errata/RHSA-2022:4690 advisory
- https://access.redhat.com/errata/RHSA-2022:4691 advisory
- https://access.redhat.com/errata/RHSA-2022:4671 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-gzip-jackson-databind-libssh-gnutls-nettle-and-zlib/ advisory
- https://access.redhat.com/errata/RHSA-2022:4956 advisory
- https://access.redhat.com/errata/RHSA-2022:4985 advisory
- https://access.redhat.com/errata/RHSA-2022:2031 advisory
- https://downloads.avaya.com/css/P8/documents/101081750 advisory
- https://access.redhat.com/errata/RHSA-2022:5188 advisory
- https://access.redhat.com/errata/RHSA-2022:5483 advisory
- https://access.redhat.com/errata/RHSA-2022:5525 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-application-framework-base-image-is-vulnerable-to-using-components-with-known-vulnerabilities-3/ advisory
…and 8 more