CVE-2014-2653

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

Published: 2014-03-27 10:55
Updated: 2017-01-07 02:59

CVSS Score: 5.8 / 10
Vendor Product Version URI
Openbsd Openssh 6.0 cpe:/a:openbsd:openssh:6.0
Openbsd Openssh 6.1 cpe:/a:openbsd:openssh:6.1
Openbsd Openssh 6.4 cpe:/a:openbsd:openssh:6.4
Openbsd Openssh 6.5 cpe:/a:openbsd:openssh:6.5
Openbsd Openssh 6.2 cpe:/a:openbsd:openssh:6.2
Openbsd Openssh 6.3 cpe:/a:openbsd:openssh:6.3
Openbsd Openssh 6.6 cpe:/a:openbsd:openssh:6.6

CWE

ID: CWE-20
Name: Improper Input Validation
Description: The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2014-03-27 10:55 New CVE