Your submission was sent successfully! Close

CVE-2012-6063

Published: 30 November 2012

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.

Notes

AuthorNote
mdeslaur
was included in CVE-2012-4559 patch
Priority

Medium

Status

Package Release Status
libssh
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(0.4.2-1ubuntu1.1)
oneiric Not vulnerable
(0.5.2-1ubuntu0.11.10.1)
precise Not vulnerable
(0.5.2-1ubuntu0.12.04.1)
quantal Not vulnerable
(0.5.2-1ubuntu0.12.10.1)
raring Not vulnerable
(0.5.3-1)
upstream Needs triage