An gano wani rauni (CVE-2-2) a cikin ɗakin karatu na libssh (kada a ruɗe shi da libssh2021), wanda aka tsara don ƙara abokin ciniki da goyan bayan uwar garke don ka'idar SSHv3634 zuwa shirye-shiryen C, wanda ke haifar da buffer ambaliya yayin fara aiwatar da rekey. ta amfani da maɓalli mai mahimmanci wanda ke amfani da algorithm na hashing daban-daban. An daidaita batun a cikin sakin 0.9.6.
Mahimmancin matsalar ita ce maɓalli na aikin sauya fasalin yana ba da damar yin amfani da hashes na sirri tare da girman simintin gyare-gyare wanda ya bambanta da ainihin algorithm da aka yi amfani da shi. A wannan yanayin, ƙwaƙwalwar ajiyar zanta a cikin libssh an keɓe shi bisa ainihin girman hash ɗin, kuma yin amfani da girman hash mai girma yana kaiwa ga sake rubuta bayanai sama da iyakar da aka keɓe. A matsayin hanyar tsaro ta koma baya, zaku iya iyakance jerin goyan bayan hanyoyin musayar maɓalli zuwa algorithms masu girman zanta iri ɗaya. Misali, don ɗaure zuwa SHA256, zaku iya ƙara zuwa lambar: rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nist);p256");
source: budenet.ru