Multiple SSH2 servers and clients do not properly handle strings with
null characters in them when the string length is specified by a
length field, which could allow remote attackers to cause a denial of
service or possibly execute arbitrary code due to interactions with
the use of null-terminated strings as implemented using languages such
as C, as demonstrated by the SSHredder SSH protocol test suite.
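
The mismatch described above, shown as an added example that is not part of this entry or any vendor's code: an SSH2 string is a big-endian uint32 length followed by that many bytes, so a field can carry a NUL that makes strlen() disagree with the length field. The function names, error codes and the MAX_TEXT_LEN limit are assumptions, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical error codes and size limit for this example. */
enum { SSH_OK = 0, SSH_TRUNCATED = -1, SSH_EMBEDDED_NUL = -2, SSH_TOO_LONG = -3, SSH_NOMEM = -4 };
#define MAX_TEXT_LEN 256u

/* Length a strlen()-style consumer would see inside a field of `len` bytes. */
size_t c_visible_len(const uint8_t *data, size_t len) {
    const uint8_t *z = memchr(data, '\0', len);
    return z ? (size_t)(z - data) : len;
}

/* Parse one SSH2 string (uint32 big-endian length + bytes) that will be used
 * as C text. On success *out is a malloc'd NUL-terminated copy. */
int ssh_get_cstring(const uint8_t *buf, size_t buflen, char **out, size_t *used) {
    *out = NULL; *used = 0;
    if (buflen < 4) return SSH_TRUNCATED;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (len > MAX_TEXT_LEN) return SSH_TOO_LONG;   /* bound before any allocation */
    if (len > buflen - 4) return SSH_TRUNCATED;    /* length field exceeds the data */
    if (c_visible_len(buf + 4, len) != len) return SSH_EMBEDDED_NUL; /* lengths disagree */
    char *s = malloc((size_t)len + 1);
    if (s == NULL) return SSH_NOMEM;
    memcpy(s, buf + 4, len);
    s[len] = '\0';
    *out = s; *used = 4 + (size_t)len;
    return SSH_OK;
}

/* Constructed sample fields, not captured traffic. */
static const uint8_t GOOD[]     = {0, 0, 0, 4, 'u', 's', 'e', 'r'};
static const uint8_t NUL_IN[]   = {0, 0, 0, 9, 'u', 's', 'e', 'r', 0, 'x', 'x', 'x', 'x'};
static const uint8_t TRUNC[]    = {0, 0, 0, 9, 'u', 's'};
static const uint8_t OVERSIZE[] = {0xff, 0xff, 0xff, 0xff, 'u'};

/* Return only the result code, releasing any copy that was made. */
int check(const uint8_t *b, size_t n) {
    char *s; size_t used;
    int rc = ssh_get_cstring(b, n, &s, &used);
    free(s);
    return rc;
}
int main(void) {
    printf("%d %d %d %d\n", check(GOOD, sizeof GOOD), check(NUL_IN, sizeof NUL_IN),
           check(TRUNC, sizeof TRUNC), check(OVERSIZE, sizeof OVERSIZE));
    return 0;
}
```

Fields that are genuinely binary (keys, signatures) should instead be carried as pointer plus length and never passed to str* functions.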
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors