CVE-2014-1692 in OpenSSH
摘要 (英语)
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
预定
2014-01-29
披露
2014-01-29
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 12124 | OpenSSH J-PAKE Protocol schnorr.c hash_buffer 内存损坏 | 119 | 未定义 | 官方修复 | CVE-2014-1692 |