libssh implements an abstract layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which in low-memory situations could cause failures, NULL dereferences, crashes or, at worst, use of uninitialized memory as input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.
Created libssh tracking bugs for this issue:
Affects: epel-all [bug 2255157]
Affects: fedora-all [bug 2255159]

Created libssh2 tracking bugs for this issue:
Affects: epel-all [bug 2255158]
Affects: fedora-all [bug 2255160]

Created mingw-libssh2 tracking bugs for this issue:
Affects: fedora-all [bug 2255161]
This vulnerability in the libssh abstract layer for message digest operations is deemed to have a low impact due to several mitigating factors. Primarily, the absence of proper checks on return values from supported crypto backends may lead to low-memory situations, failures, NULL dereferences, crashes, or the utilization of uninitialized memory in the Key Derivation Function (KDF). While these potential consequences could disrupt the system, their likelihood is considered low, contributing to the low impact classification.

The maintainers of libssh, in conjunction with Red Hat, have assigned a CVSS3.1 score of 3.7 to this vulnerability. While the score acknowledges the existence of a vulnerability, the assigned value falls within the lower range of the scale, indicating a relatively modest level of risk. Moreover, the practical exploitability of this vulnerability is characterized as theoretical and highly unlikely to yield tangible results. The difficulty in successfully exploiting the flaw adds a layer of security, further diminishing the potential impact.

While acknowledging the risk of non-matching keys leading to decryption/integrity failures and connection termination, the combination of the low likelihood of exploitation and the relatively lower severity score results in an overall assessment of low impact.
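The flaw class from the description above (unchecked digest return values feeding a KDF), shown as an added example that is not libssh's code: a constructed toy digest backend with a simulated allocation failure, and a key derivation written without and with return-value checks. All names (`md_init`, `md_update`, `md_final`, `kdf_unchecked`, `kdf_checked`, `fail_alloc`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DIGEST_LEN 8
static int fail_alloc = 0;                 /* constructed hook: low-memory backend */
typedef struct { uint64_t state; } md_ctx; /* hypothetical type, not libssh's */

/* Toy backend (FNV-1a, NOT cryptographic). Every call can fail. */
static md_ctx *md_init(void) {
    md_ctx *c = fail_alloc ? NULL : malloc(sizeof *c);
    if (c) c->state = 0xcbf29ce484222325ULL;
    return c;
}
static int md_update(md_ctx *c, const uint8_t *p, size_t n) {
    if (!c) return -1; /* a real backend could dereference NULL here */
    while (n--) c->state = (c->state ^ *p++) * 0x100000001b3ULL;
    return 0;
}
static int md_final(md_ctx *c, uint8_t out[DIGEST_LEN]) {
    if (!c) return -1;
    memcpy(out, &c->state, DIGEST_LEN);
    free(c); /* md_final releases the context */
    return 0;
}

/* Flawed pattern: results ignored, so a failed digest leaves key unwritten. */
static int kdf_unchecked(const char *secret, uint8_t key[DIGEST_LEN]) {
    md_ctx *c = md_init();
    md_update(c, (const uint8_t *)secret, strlen(secret));
    md_final(c, key);
    return 0; /* reports success regardless */
}

/* Checked pattern: any failure zeroes the key and is returned to the caller. */
static int kdf_checked(const char *secret, uint8_t key[DIGEST_LEN]) {
    md_ctx *c = md_init();
    if (c && md_update(c, (const uint8_t *)secret, strlen(secret)) != 0) { free(c); c = NULL; }
    if (c && md_final(c, key) == 0) return 0;
    memset(key, 0, DIGEST_LEN);
    return -1;
}

int main(void) {
    uint8_t key[DIGEST_LEN] = {0};
    fail_alloc = 1; /* simulate the out-of-memory case */
    printf("unchecked rc=%d, checked rc=%d\n",
           kdf_unchecked("secret", key), kdf_checked("secret", key));
}
```

With the failure simulated, the unchecked variant returns success while leaving the caller's buffer untouched, which is how stale memory would end up as key material; the checked variant returns an error so the caller can abort the key exchange.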