CNNVD-202601-975 Information
Jan 06, 2026
cve
CNNVD ID
CNNVD-202601-975
Related CVE
- CNNVD Published: 2026-01-06
Description (Chinese)
wolfSSH是wolfSSL开源的一个小型、快速、可移植的 SSH 实现,包括对 SCP 和 SFTP 的支持。 wolfSSH 1.4.21及之前版本存在安全漏洞,该漏洞源于密钥交换状态机可被操纵,可能导致客户端密码泄露、发送虚假签名或跳过用户身份验证。
Description (English)
WolfSSH is a small, fast, portable SSH from the WolfSSL open source, including support for SCP and SFTP. There is a security loophole in the wolfSSH 1.4.21 and earlier versions, which stems from the manipulation of the key exchange, which may lead to the disclosure of the client ’ s password, the sending of false signatures or the skipping of user identification.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
wolfSSL
Published
2026-01-06
Last Modified
2026-02-24
References
https://github.com/wolfSSL/wolfssh/pull/855
Patch
https://www.wolfssl.com/download/
Share on: