SSH Communications Security Information for VU#945216

SSH CRC32 attack detection code contains remote integer overflow



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



This vulnerability was addressed in Secure Shell 1.2.32, available at

In addition, SSH Communications has released a public statment regarding this vulnerability; for more information, please visit

It is important to note that versions 2.x and 3.x of SSH Secure Shell do not serve as replacements for the SSH1 protocol. Rather, they rely upon an existing installation of Secure Shell 1.x to handle SSH1 connections. Thus, installing a version 2.x or 3.x server does not obviate the need to maintain installations of Secure Shell 1.x.

If you have feedback, comments, or additional information about this vulnerability, please send us email.