In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 18 Feb 2025 01:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 4.2, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}

threat_severity

Low

cvssV3_0

{'score': 6.8, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N'}

threat_severity

Moderate


Wed, 12 Feb 2025 23:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_0

{'score': 4.2, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T20:16:24.236Z

Reserved: 2019-01-10T00:00:00

Link: CVE-2019-6110

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-31T18:29:00.807

Modified: 2024-11-21T04:45:57.737

Link: CVE-2019-6110

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-16T00:00:00Z

Links: CVE-2019-6110 - Bugzilla

cve-icon OpenCVE Enrichment

No data.