CVE-2018-3737

High

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

hackerone·CWE-770·Published 2018-06-07

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

70 chars

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

NVDen

70 chars

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

OSV.deven

204 chars

Versions of `sshpk` before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. ## Recommendation Update to version 1.13.2, 1.14.1 or later.

GHSAen

204 chars

NVDes

140 chars

sshpk es vulnerable a una denegación de servicio con expresiones regulares (ReDoS) cuando se parsean claves públicas manipuladas no válidas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H