Highlights
Denial of Service: 55 prior fixes. Scrutinize any change in this area.
common-session.c: most-fixed (14 issues). Treat as high-risk during review.
49 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Auth Bypass: Parsing of the authorized_keys file has historically been prone to split-line parser differentials, missing null-byte validation, and uncaptured return values during key checks, enabling remote attackers to bypass public key constraints or authentication entirely.
Privilege Escalation: Failure to drop privileges to the target user's UID/GID before opening and reading authorized_keys files historically allowed unprivileged clients to coerce the root daemon into accessing privileged or restricted paths.
Path Traversal: The scp client has been vulnerable to malicious servers writing arbitrary files or modifying local directories due to incomplete destination directory existence checks and weak validation of incoming filenames against glob patterns.