Integer Overflow or Wraparound in libssh2

Do your applications use this vulnerable package? Test your applications

Overview

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

References

Debian Security Announcement
Debian Security Tracker
FEDORA
Fedora Security Update
GitHub Additional Information
GitHub Commit
MISC
MISC
MISC
OpenSuse Security Announcement

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

High

CVE: CVE-2019-17498
CWE: CWE-190
Snyk ID: SNYK-DEBIAN10-LIBSSH2-474372
Disclosed: 21 Oct, 2019
Published: 25 Oct, 2019

Integer Overflow or Wraparound
Affecting libssh2 package, versions *

Overview

References

CVSS Score

Integer Overflow or Wraparound Affecting libssh2 package, versions *

Overview

References

Integer Overflow or Wraparound
Affecting libssh2 package, versions *