OSSH Information for VU#419241

Multiple vendor SFTP logging format string vulnerability

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The OSSH author indicates:

I'm quite sure that the now very
old ossh does not include a sftp client or server and that it should
thus not be vulnerable.

Either way ossh is old and obsolete and I don't recommend its use.

If you have feedback, comments, or additional information about this vulnerability, please send us email.