CNNVD-202510-765 Information

CNNVD ID

CNNVD-202510-765

CVE-2025-61985

  • CNNVD Published: 2025-10-06

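Description (translated from Chinese)

OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers, released as open source by OpenBSD of Canada. The tool is an open-source implementation of the SSH protocol; it supports encryption of all traffic and can effectively prevent eavesdropping, connection hijacking and other network-level attacks. Versions of OpenSSH before 10.1 contain a security vulnerability that stems from characters being allowed in ssh:// URIs, which may lead to code execution.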

Description (English)

OpenSSH (OpenBSD Secure Shell) is a set of connection tools from OpenBSD, Canada, for secure access to remote computers. It is an open-source implementation of the SSH protocol and encrypts all transmissions, effectively preventing eavesdropping, connection hijacking and other network-level attacks. OpenSSH versions before 10.1 have a security vulnerability that originates from the characters permitted in ssh:// URIs and may lead to code execution.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

OpenBSD

Published

2025-10-06

Last Modified

2026-02-24

References

  • https://www.openwall.com/lists/oss-security/2025/10/06/1
  • https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
  • https://www.openssh.com/releasenotes.html#10.1p1
  • https://vigilance.fr/vulnerability/OpenSSH-code-execution-via-Usernames-Control-Characters-48396

Patch

https://www.openssh.com/
