[3.4] libssh2: Wrong calculation of Diffie Helllman secret length (CVE-2016-0787)
During the SSHv2 handshake when libssh2 is to get a suitable value for
‘group order’ in the Diffle Hellman negotiation,
it would pass in number of bytes to a function that expected number of
bits. This would result in the library generating
numbers using only an 8th the number of random bits than what were
intended: 128 or 256 bits instead of 1023 or 2047
Using such drastically reduced amount of random bits for Diffie Hellman weakended the handshake security significantly.
Affected versions:
all versions to and including 1.6.0
Fixed In Version:
libssh2 1.7.0
References:
https://www.libssh2.org/adv\_20160223.html
Patch:
https://www.libssh2.org/CVE-2016-0787.patch
(from redmine: issue id 5178, created on 2016-02-24, closed on 2016-03-01)
- Relations:
- parent #5177 (closed)
- Changesets:
- Revision c4c2b245 on 2016-02-24T15:56:36Z:
main/libssh2: security upgrade to 1.7.0 (CVE-2016-0787). Fixes #5178