CVE-2018-7749

Name: CVE-2018-7749
Description: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 892787

Vulnerable and fixed packages

The table below lists information on source packages.

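| Source Package | Release | Version | Status |
|---|---|---|---|
| python-asyncssh (PTS) | buster (security), buster, buster (lts) | 1.12.2-1+deb10u1 | fixed |
| python-asyncssh | bullseye | 2.5.0-0.1 | fixed |
| python-asyncssh | bullseye (security) | 2.5.0-0.1+deb11u1 | fixed |
| python-asyncssh | bookworm (security), bookworm | 2.10.1-2+deb12u1 | fixed |
| python-asyncssh | sid, trixie | 2.19.0-1 | fixed |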

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| python-asyncssh | source | (unstable) | 1.12.1-1 | | | 892787 |

Notes

https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
