Integer Overflow or Wraparound

Affecting libssh2 package, versions <1.9.0-r1

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Remediation

Upgrade libssh2 to version or higher.

References

CVSS Score

8.1
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    None
  • Availability
    High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE
CVE-2019-17498
CWE
CWE-190
Snyk ID
SNYK-ALPINE39-LIBSSH2-1072330
Disclosed
21 Oct, 2019
Published
02 Feb, 2021