VDB
GCVE-110-MAGEIA-2015-209
GCVE-110-MAGEIA-2015-209
Advisory Published
Updated libssh packages fix security vulnerability:
libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the
handling of a SSH_MSG_NEWKEYS and SSH_MSG_KEXDH_REPLY package. A detected
error did not set the session into the error state correctly and further
processed the packet which leads to a null pointer dereference. This is the
packet after the initial key exchange and doesn't require authentication.
This could be used for a Denial of Service (DoS) attack (CVE-2015-3146).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libssh | 0 (affected), 0.5.5-2.3.mga4 (unaffected), 0 (affected), 0.5.5-2.3.mga4 (unaffected) | — |
| Mageia | gnome-session | 0 (affected), 3.14.0-6.1.mga5 (unaffected) | — |
| Mageia | gnome-shell-extensions | 3.14.3-1.1.mga5 (unaffected), 0 (affected) | — |
Aliases
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.