A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.79577}

epss

{'score': 0.79855}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-05T07:54:35.801Z

Reserved: 2018-05-09T00:00:00

Link: CVE-2018-10933

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-10-17T12:29:00.650

Modified: 2024-11-21T03:42:20.323

Link: CVE-2018-10933

cve-icon Redhat

Severity : Important

Publid Date: 2018-10-16T12:00:00Z

Links: CVE-2018-10933 - Bugzilla

cve-icon OpenCVE Enrichment

No data.