CVE-2012-6063
Published: 30 November 2012
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Notes
Author | Note |
---|---|
mdeslaur | was included in CVE-2012-4559 patch |
Priority
Status
Package | Release | Status |
---|---|---|
libssh Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
lucid |
Not vulnerable
(0.4.2-1ubuntu1.1)
|
|
oneiric |
Not vulnerable
(0.5.2-1ubuntu0.11.10.1)
|
|
precise |
Not vulnerable
(0.5.2-1ubuntu0.12.04.1)
|
|
quantal |
Not vulnerable
(0.5.2-1ubuntu0.12.10.1)
|
|
raring |
Not vulnerable
(0.5.3-1)
|
|
upstream |
Needs triage
|