OpenSSH Vulnerability (wodSFTP / wodSFTP.NET / wodSFTPdll)
We are using software that was built around wodSFTP (WeOnlyDo 22.214.171.124) for both client & host sFTP file transfers. We have found that some packets are randomly flagged by Meraki's IDS (SNORT) as having a signature matching a version of OpenSSH (versions 2.3.1 through 3.3) vulnerable to SSH Overflow vulnerabilities CVE-2002-0639 & CVE-2002-0640.
Does wodSFTP (WeOnlyDo 126.96.36.199) use OpenSSH or is there reason to believe wodSFTP might be vulnerable to these CVEs? We are trying to determine if Meraki's IDS/SNORT is giving us false positive events.