INFSA-2024:3166: OpenSSH security update
Information about definition
Identificator: INFSA-2024:3166
Type: security
Release date: 2024-08-23 18:53:20 UTC
Information about package
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Vulnerabilities description
- CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2020-15778
|
no information | 7.8 | no information |
Updated packages