CVE-2018-7749

NameCVE-2018-7749
DescriptionThe SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs892787

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-asyncssh (PTS)bullseye2.5.0-0.1fixed
bullseye (security)2.5.0-0.1+deb11u1fixed
bookworm2.10.1-2+deb12u2fixed
bookworm (security)2.10.1-2+deb12u1fixed
trixie2.20.0-1fixed
forky, sid2.21.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-asyncsshsource(unstable)1.12.1-1892787

Notes

https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
Search for package or bug name: Reporting problems