#14853 closed enhancement (fixed)
libssh2 security fix
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 11.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
This has been fixed upstream but there is no newer release.
CVE-2019-17498
Change History (4)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → high |
| Status: | new → assigned |
comment:2 by , 3 years ago
Note:
See TracTickets
for help on using tickets.
Book updated at r24429.