DEBIAN-CVE-2026-3497

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-3497

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3497.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-3497

Upstream

CVE-2026-3497

Published

2026-03-12T19:16:19.910Z

Modified

2026-04-16T19:00:12.610906Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use sshpacket_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

References

https://security-tracker.debian.org/tracker/CVE-2026-3497

Affected packages

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.4p1-5+deb11u6

Affected versions

1:8.*

1:8.4p1-5

1:8.4p1-5+deb11u1

1:8.4p1-5+deb11u2

1:8.4p1-5+deb11u3

1:8.4p1-5+deb11u4

1:8.4p1-5+deb11u5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3497.json"

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.2p1-2+deb12u9

Affected versions

1:9.*

1:9.2p1-2

1:9.2p1-2+deb12u1

1:9.2p1-2+deb12u2

1:9.2p1-2+deb12u3

1:9.2p1-2+deb12u4

1:9.2p1-2+deb12u5

1:9.2p1-2+deb12u6

1:9.2p1-2+deb12u7

1:9.2p1-2+deb12u8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3497.json"

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:10.0p1-7+deb13u2

Affected versions

1:10.*

1:10.0p1-7

1:10.0p1-7+deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3497.json"

Debian:14 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:10.2p1-6

Affected versions

1:10.*

1:10.0p1-7

1:10.0p1-8

1:10.1p1-1

1:10.1p1-2

1:10.2p1-1

1:10.2p1-2~bpo13+1

1:10.2p1-2

1:10.2p1-3

1:10.2p1-4

1:10.2p1-5

1:10.2p1-6~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3497.json"