Enquiry about Remediation against Terrapin attack
Jan Ehrhardt
phpdev at ehrhardt.nl
Fri Feb 2 00:20:40 CET 2024
R V S, Ramya - Dell Team via libssh2-devel (Mon, 22 Jan 2024 10:21:45
+0000):
>Currently we are using libssh2 1.11.0, the latest as stated in the official site.
>
>With reference to the CVEs logged, CVE-2023-48795, CVE-2023-46445, CVE-2023-46446
>against the Novel Terrapin attack, I would like to understand if the remediation
>for these have been implemented? If so, which version of libssh2 can be used to
>remediate from the vulnerability?
It has been fixed on Dec 19, 2023, for an upcoming 1.11.1 release:
https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
I am also waiting for this release.
--
Jan
More information about the libssh2-devel
mailing list