| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2025-58181 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | fixed | fixed | SSH servers parsing GSSAPI authentication requests do not validate the ... |
| CVE-2025-47914 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | fixed | fixed | SSH Agent servers do not validate the size of messages when processing ... |
| CVE-2025-47913 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | fixed | fixed | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed respons ... |
| CVE-2025-22869 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | SSH servers which implement file transfer protocols are vulnerable to ... |
| CVE-2024-45337 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable | fixed | fixed | Applications and libraries which misuse connection.serverAuthenticate ... |
| CVE-2023-48795 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2022-27191 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ... |
| CVE-2021-43565 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ... |