CVE-2018-7750
- Source
- https://cve.org/CVERecord?id=CVE-2018-7750
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7750.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-7750
- Aliases
- Downstream
- Related
- Published
- 2018-03-13T18:29:00.303Z
- Modified
- 2026-03-15T22:28:47.057011Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
- References
-
- https://access.redhat.com/errata/RHSA-2018:1328
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
- https://usn.ubuntu.com/3603-2/
- https://access.redhat.com/errata/RHSA-2018:0591
- https://access.redhat.com/errata/RHSA-2018:1124
- https://access.redhat.com/errata/RHSA-2018:1525
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- http://www.securityfocus.com/bid/103713
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3603-1/
- https://access.redhat.com/errata/RHSA-2018:1125
- https://access.redhat.com/errata/RHSA-2018:1213
- https://access.redhat.com/errata/RHSA-2018:1972
- https://access.redhat.com/errata/RHSA-2018:0646
- https://access.redhat.com/errata/RHSA-2018:1274
- https://github.com/paramiko/paramiko/issues/1175
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://www.exploit-db.com/exploits/45712/
Affected packages
Git / github.com/paramiko/paramiko
Affected ranges
- Type
- GIT
- Repo
- https://github.com/paramiko/paramiko
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.17.6" }, { "introduced": "1.18.0" }, { "fixed": "1.18.5" }, { "introduced": "2.0.0" }, { "fixed": "2.0.8" }, { "introduced": "2.1.0" }, { "fixed": "2.1.5" }, { "introduced": "2.2.0" }, { "fixed": "2.2.3" }, { "introduced": "2.3.0" }, { "fixed": "2.3.2" }, { "introduced": "0" }, { "last_affected": "2.4.0" }, { "introduced": "0" }, { "last_affected": "2.0" }, { "introduced": "0" }, { "last_affected": "2.4" } ] }
Affected versions
1.*
1.18.0
1.18.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
v1.*
v1.18.0
v1.18.1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7750.json"