VDB

GCVE-110-MAGEIA-2015-209

GCVE-110-MAGEIA-2015-209
Advisory Published
Vulnetix · Advisory published May 11, 2015
Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This is the packet after the initial key exchange and doesn't require authentication. This could be used for a Denial of Service (DoS) attack (CVE-2015-3146).

Affected Products

VendorProductVersionsPlatforms
Mageialibssh0 (affected), 0.5.5-2.3.mga4 (unaffected), 0 (affected), 0.5.5-2.3.mga4 (unaffected)
Mageiagnome-session0 (affected), 3.14.0-6.1.mga5 (unaffected)
Mageiagnome-shell-extensions3.14.3-1.1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›