CVE-2014-0017

EPSS 0.09%

libssh - security update

Published: 3/14/2014Modified: 4/28/2026

Description

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

Affected packages (2)

Debian/libsshfrom 0, < 0.5.4-3
Debian/libsshfrom 0, < 0.4.5-3+squeeze2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0017