Inappropriate Encoding for Output Context

CVE-2019-6110

Medium

6.8/10

Summary

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-838 - Inappropriate Encoding for Output Context

The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

References

Advisory Timeline

Published Jan 31, 2019

Inappropriate Encoding for Output Context

CVE-2019-6110

Summary

CWE-838 - Inappropriate Encoding for Output Context

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS