Opened 4 months ago

Closed 4 months ago

#14853 closed enhancement (fixed)

libssh2 security fix

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 10.2
Component: BOOK Version: SVN
Severity: normal Keywords:


In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

This has been fixed upstream but there is no newer release.


Change History (3)

comment:1 by ken@…, 4 months ago

Owner: changed from blfs-book to ken@…
Priority: normalhigh
Status: newassigned

comment:2 by ken@…, 4 months ago

Book updated at r24429.

comment:3 by ken@…, 4 months ago

Resolution: fixed
Status: assignedclosed

Advisory 10.1-023 added.

Note: See TracTickets for help on using tickets.