{"api_version":"1","generated_at":"2026-04-22T20:52:18+00:00","cve":"CVE-2021-3634","urls":{"html":"https://cve.report/CVE-2021-3634","api":"https://cve.report/api/cve/CVE-2021-3634.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3634","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3634"},"summary":{"title":"CVE-2021-3634","description":"A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-08-31 17:15:00","updated_at":"2023-12-22 10:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20211004-0003/","name":"https://security.netapp.com/advisory/ntap-20211004-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-3634 libssh Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/","name":"FEDORA-2021-ec797b6a96","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: libssh-0.9.6-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-4965","name":"DSA-4965","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4965-1 libssh","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/","name":"FEDORA-2021-ec797b6a96","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: libssh-0.9.6-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978810","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1978810","refsource":"MISC","tags":[],"title":"1978810 – (CVE-2021-3634) CVE-2021-3634 libssh: possible heap-based buffer overflow when rekeying","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/","name":"FEDORA-2021-288925ac19","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: libssh-0.9.6-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/","name":"FEDORA-2021-f2a020a065","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: libssh-0.9.6-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/","name":"FEDORA-2021-f2a020a065","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: libssh-0.9.6-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202312-05","name":"GLSA-202312-05","refsource":"","tags":[],"title":"libssh: Multiple Vulnerabilities (GLSA 202312-05) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/","name":"FEDORA-2021-288925ac19","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: libssh-0.9.6-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3634","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3634","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libssh","cpe5":"libssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"8.0.27","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_workbench","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3634","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3634","qid":"159812","title":"Oracle Enterprise Linux Security Update for libssh (ELSA-2022-2031)"},{"cve":"CVE-2021-3634","qid":"178780","title":"Debian Security Update for libssh (DSA 4965-1)"},{"cve":"CVE-2021-3634","qid":"183967","title":"Debian Security Update for libssh (CVE-2021-3634)"},{"cve":"CVE-2021-3634","qid":"198472","title":"Ubuntu Security Notification for libssh Vulnerability (USN-5053-1)"},{"cve":"CVE-2021-3634","qid":"240324","title":"Red Hat Update for libssh security (RHSA-2022:2031)"},{"cve":"CVE-2021-3634","qid":"281933","title":"Fedora Security Update for libssh (FEDORA-2021-288925ac19)"},{"cve":"CVE-2021-3634","qid":"281965","title":"Fedora Security Update for libssh (FEDORA-2021-f2a020a065)"},{"cve":"CVE-2021-3634","qid":"501876","title":"Alpine Linux Security Update for libssh"},{"cve":"CVE-2021-3634","qid":"670827","title":"EulerOS Security Update for libssh (EulerOS-SA-2021-2716)"},{"cve":"CVE-2021-3634","qid":"670945","title":"EulerOS Security Update for libssh (EulerOS-SA-2021-2691)"},{"cve":"CVE-2021-3634","qid":"690031","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for libssh (57b1ee25-1a7c-11ec-9376-0800272221cc)"},{"cve":"CVE-2021-3634","qid":"710806","title":"Gentoo Linux libssh Multiple Vulnerabilities (GLSA 202312-05)"},{"cve":"CVE-2021-3634","qid":"755806","title":"SUSE Enterprise Linux Security Update for libssh (SUSE-SU-2024:0539-1)"},{"cve":"CVE-2021-3634","qid":"901107","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libssh (7274)"},{"cve":"CVE-2021-3634","qid":"940503","title":"AlmaLinux Security Update for libssh (ALSA-2022:2031)"},{"cve":"CVE-2021-3634","qid":"960135","title":"Rocky Linux Security Update for libssh (RLSA-2022:2031)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3634","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"libssh","version":{"version_data":[{"version_value":"libssh 0.9.6"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1978810","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978810"},{"refsource":"DEBIAN","name":"DSA-4965","url":"https://www.debian.org/security/2021/dsa-4965"},{"refsource":"FEDORA","name":"FEDORA-2021-ec797b6a96","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/"},{"refsource":"FEDORA","name":"FEDORA-2021-288925ac19","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/"},{"refsource":"FEDORA","name":"FEDORA-2021-f2a020a065","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20211004-0003/","url":"https://security.netapp.com/advisory/ntap-20211004-0003/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange."}]}},"nvd":{"publishedDate":"2021-08-31 17:15:00","lastModifiedDate":"2023-12-22 10:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.1","versionEndExcluding":"0.9.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.27","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3634","Ordinal":"211674","Title":"CVE-2021-3634","CVE":"CVE-2021-3634","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3634","Ordinal":"1","NoteData":"A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating \"secret_hash\" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3634","Ordinal":"2","NoteData":"2021-08-31","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3634","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}