Design/Logic Flaw

2019-01-3118:29:00

PRIOn knowledge base

www.prio-n.com

244

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
fedoraeq30
m10-1_firmwareeq< xcp2361
m10-1_firmwareeq< xcp3070
m10-4_firmwareeq< xcp2361

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
debian_linux	eq	8.0
debian_linux	eq	9.0
fedora	eq	30
m10-1_firmware	eq	< xcp2361
m10-1_firmware	eq	< xcp3070
m10-4_firmware	eq	< xcp2361