SSH Communications Security Information for VU#945216
SSH CRC32 attack detection code contains remote integer overflow
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability was addressed in Secure Shell 1.2.32, available at
In addition, SSH Communications has released a public statment regarding this vulnerability; for more information, please visit
It is important to note that versions 2.x and 3.x of SSH Secure Shell do not serve as replacements for the SSH1 protocol. Rather, they rely upon an existing installation of Secure Shell 1.x to handle SSH1 connections. Thus, installing a version 2.x or 3.x server does not obviate the need to maintain installations of Secure Shell 1.x.
If you have feedback, comments, or additional information about this vulnerability, please send us email.