OpenSSH Vulnerability (wodSFTP / wodSFTP.NET / wodSFTPdll)
We are using software that was built around wodSFTP (WeOnlyDo 220.127.116.11) for both client & host sFTP file transfers. We have found that some packets are randomly flagged by Meraki's IDS (SNORT) as having a signature matching a version of OpenSSH (versions 2.3.1 through 3.3) vulnerable to SSH Overflow vulnerabilities CVE-2002-0639 & CVE-2002-0640.
Does wodSFTP (WeOnlyDo 18.104.22.168) use OpenSSH or is there reason to believe wodSFTP might be vulnerable to these CVEs? We are trying to determine if Meraki's IDS/SNORT is giving us false positive events.