What is GHSA-pxrc-fqc7-h5rw?

GHSA-pxrc-fqc7-h5rw is a security advisory published by GitHub Security Advisories with High severity. The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to...

Which CVE IDs does GHSA-pxrc-fqc7-h5rw cover?

GHSA-pxrc-fqc7-h5rw covers the following CVE IDs: CVE-2014-1692. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-pxrc-fqc7-h5rw?

GHSA-pxrc-fqc7-h5rw has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-pxrc-fqc7-h5rwHighCVSS 7.3

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to...

Vendor

GitHub Security Advisories

Published

May 13, 2022

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2014-1692 →

📋 Description

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

🔗 References (14)

https://nvd.nist.gov/vuln/detail/CVE-2014-1692
https://exchange.xforce.ibmcloud.com/vulnerabilities/90819
http://marc.info/?l=bugtraq&m=141576985122836&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://openwall.com/lists/oss-security/2014/01/29/10
http://openwall.com/lists/oss-security/2014/01/29/2
http://osvdb.org/102611
http://secunia.com/advisories/60184
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9;r2=1.10;f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10
http://www.securityfocus.com/bid/65230
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h
https://github.com/advisories/GHSA-pxrc-fqc7-h5rw