CVE-2014-2653
MEDIUM6.5EPSS 2.1%Published: 3/27/2014Modified: 5/29/2026
Description
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Affected packages (1)
- Debian/opensshfrom 0, < 1:6.6p1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |