CVE-2008-5161

LOW EPSS 96.4%
Published Nov 19, 200817y ago · Modified Jun 16, 20262w ago
3.7 CVSS 3.1
Low
Find Similar
Published Nov 19, 2008 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

CVSS Details

Base Score
3.7
Exploitability
2.2
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
96.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
CWE-329

Affected Products 167

VendorProductVersionRange
openbsdopenssh4.7p1any
sshtectia_client4.0any
sshtectia_client4.0.1any
sshtectia_client4.0.3any
sshtectia_client4.0.4any
sshtectia_client4.0.5any
sshtectia_client4.2any
sshtectia_client4.2.1any
sshtectia_client4.3any
sshtectia_client4.3.1any
sshtectia_client4.3.1jany
sshtectia_client4.3.2any
sshtectia_client4.3.2jany
sshtectia_client4.3.3any
sshtectia_client4.3.4any
sshtectia_client4.3.5any
sshtectia_client4.3.6any
sshtectia_client4.3.7any
sshtectia_client4.3.8kany
sshtectia_client4.3.9kany
sshtectia_client4.4any
sshtectia_client4.4.1any
sshtectia_client4.4.2any
sshtectia_client4.4.3any
sshtectia_client4.4.4any
sshtectia_client4.4.6any
sshtectia_client4.4.7any
sshtectia_client4.4.8any
sshtectia_client4.4.9any
sshtectia_client4.4.10any
sshtectia_client4.4.11any
sshtectia_client5.0.0any
sshtectia_client5.0.0fany
sshtectia_client5.0.1any
sshtectia_client5.0.1fany
sshtectia_client5.0.2any
sshtectia_client5.0.2fany
sshtectia_client5.0.3any
sshtectia_client5.0.3fany
sshtectia_client5.1.0any
sshtectia_client5.1.1any
sshtectia_client5.1.2any
sshtectia_client5.1.3any
sshtectia_client5.2.0any
sshtectia_client5.2.1any
sshtectia_client5.2.2any
sshtectia_client5.2.3any
sshtectia_client5.2.4any
sshtectia_client5.3.0any
sshtectia_client5.3.1any
sshtectia_client5.3.2any
sshtectia_client5.3.3any
sshtectia_client5.3.5any
sshtectia_client5.3.6any
sshtectia_client5.3.7any
sshtectia_client5.3.8any
sshtectia_client6.0.0any
sshtectia_client6.0.1any
sshtectia_client6.0.2any
sshtectia_client6.0.3any
sshtectia_client6.0.4any
sshtectia_connector4.0.7any
sshtectia_connector4.1.2any
sshtectia_connector4.1.3any
sshtectia_connector4.1.5any
sshtectia_connector4.2.0any
sshtectia_connector4.3.0any
sshtectia_connector4.3.4any
sshtectia_connector4.3.5any
sshtectia_connector4.4.0any
sshtectia_connector4.4.2any
sshtectia_connector4.4.4any
sshtectia_connector4.4.6any
sshtectia_connector4.4.7any
sshtectia_connector4.4.9any
sshtectia_connector4.4.10any
sshtectia_connector5.0.0any
sshtectia_connector5.0.1any
sshtectia_connector5.0.2any
sshtectia_connector5.0.3any
sshtectia_connector5.1.0any
sshtectia_connector5.1.1any
sshtectia_connector5.1.2any
sshtectia_connector5.1.3any
sshtectia_connector5.2.2any
sshtectia_connector5.3.0any
sshtectia_connector5.3.1any
sshtectia_connector5.3.2any
sshtectia_connector5.3.3any
sshtectia_connector5.3.7any
sshtectia_connector5.3.8any
sshtectia_connectsecure6.0.0any
sshtectia_connectsecure6.0.1any
sshtectia_connectsecure6.0.2any
sshtectia_connectsecure6.0.3any
sshtectia_connectsecure6.0.4any
sshtectia_server4.0any
sshtectia_server4.0.3any
sshtectia_server4.0.4any
sshtectia_server4.0.5any
sshtectia_server4.0.7any
sshtectia_server4.1.2any
sshtectia_server4.1.3any
sshtectia_server4.1.5any
sshtectia_server4.2.0any
sshtectia_server4.2.1any
sshtectia_server4.2.2any
sshtectia_server4.3any
sshtectia_server4.3.0any
sshtectia_server4.3.1any
sshtectia_server4.3.2any
sshtectia_server4.3.3any
sshtectia_server4.3.4any
sshtectia_server4.3.5any
sshtectia_server4.3.6any
sshtectia_server4.3.7any
sshtectia_server4.4any
sshtectia_server4.4.0any
sshtectia_server4.4.1any
sshtectia_server4.4.2any
sshtectia_server4.4.4any
sshtectia_server4.4.5any
sshtectia_server4.4.6any
sshtectia_server4.4.7any
sshtectia_server4.4.8any
sshtectia_server4.4.9any
sshtectia_server4.4.10any
sshtectia_server4.4.11any
sshtectia_server5.0.0any
sshtectia_server5.0.1any
sshtectia_server5.0.2any
sshtectia_server5.0.3any
sshtectia_server5.1.0any
sshtectia_server5.1.1any
sshtectia_server5.1.1any
sshtectia_server5.1.2any
sshtectia_server5.1.3any
sshtectia_server5.2.0any
sshtectia_server5.2.0any
sshtectia_server5.2.1any
sshtectia_server5.2.2any
sshtectia_server5.2.2any
sshtectia_server5.2.3any
sshtectia_server5.2.4any
sshtectia_server5.3.0any
sshtectia_server5.3.0any
sshtectia_server5.3.1any
sshtectia_server5.3.2any
sshtectia_server5.3.3any
sshtectia_server5.3.4any
sshtectia_server5.3.5any
sshtectia_server5.3.6any
sshtectia_server5.3.7any
sshtectia_server5.3.8any
sshtectia_server5.4.0any
sshtectia_server5.4.1any
sshtectia_server5.4.2any
sshtectia_server5.5.0any
sshtectia_server5.5.1any
sshtectia_server6.0.0any
sshtectia_server6.0.0any
sshtectia_server6.0.1any
sshtectia_server6.0.1any
sshtectia_server6.0.2any
sshtectia_server6.0.3any
sshtectia_server6.0.4any
sshtectia_server6.0.4any

References 40

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.