CVE-2015-1782

Published: 13 March 2015

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

From the Ubuntu security team

It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, the server could cause the client to crash.
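
A bounds-checked reader for the SSH_MSG_KEXINIT payload, added here to illustrate validating the length values the description refers to; it is not libssh2's code or the upstream patch. The packet layout follows RFC 4253 section 7.1, and parse_kexinit, check_sample and the all-"none" sample packet are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MSG_KEXINIT 20
#define COOKIE_LEN      16
#define NAME_LISTS      10  /* kex, host key, 2x cipher, 2x MAC, 2x compression, 2x language */

struct name_list { const unsigned char *data; uint32_t len; };

/* Parse a KEXINIT payload. Returns 0 on success, -1 if the packet is short
 * or any name-list length claims more bytes than were actually received. */
int parse_kexinit(const unsigned char *pkt, size_t plen,
                  struct name_list lists[NAME_LISTS])
{
    size_t off = 1 + COOKIE_LEN;
    if (plen < off || pkt[0] != SSH_MSG_KEXINIT)
        return -1;
    for (int i = 0; i < NAME_LISTS; i++) {
        if (plen - off < 4)            /* room for the uint32 length field? */
            return -1;
        uint32_t len = ((uint32_t)pkt[off] << 24) | ((uint32_t)pkt[off + 1] << 16) |
                       ((uint32_t)pkt[off + 2] << 8) | (uint32_t)pkt[off + 3];
        off += 4;
        if (len > plen - off)          /* compare to bytes left; off + len could wrap */
            return -1;
        lists[i].data = pkt + off;
        lists[i].len = len;
        off += len;                    /* off <= plen still holds here */
    }
    return (plen - off < 5) ? -1 : 0;  /* first_kex_packet_follows + reserved uint32 */
}

/* Constructed sample: every name-list is "none". The first list's length field
 * is overwritten with first_len and `cut` bytes are dropped from the end. */
int check_sample(uint32_t first_len, size_t cut)
{
    unsigned char buf[1 + COOKIE_LEN + NAME_LISTS * 8 + 5] = { SSH_MSG_KEXINIT };
    struct name_list lists[NAME_LISTS];
    unsigned char *p = buf + 1 + COOKIE_LEN;
    for (int i = 0; i < NAME_LISTS; i++)
        memcpy(p + 8 * i, "\0\0\0\4none", 8);  /* uint32 length 4, then the name */
    for (int i = 0; i < 4; i++)
        p[i] = (unsigned char)(first_len >> (24 - 8 * i));
    return parse_kexinit(buf, sizeof buf - cut, lists);
}

int main(void) { return check_sample(4, 0) == 0 && check_sample(0xffffffffu, 0) == -1 ? 0 : 1; }
```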

Priority

Medium

Status

Package Release Status
libssh2
artful Not vulnerable (1.5.0-1)
bionic Not vulnerable (1.5.0-1)
cosmic Not vulnerable (1.5.0-1)
disco Not vulnerable (1.5.0-1)
lucid Ignored (reached end-of-life)
precise Does not exist (precise was needed)
trusty Released (1.4.3-2ubuntu0.2)
upstream Released (1.5.0)
utopic Ignored (reached end-of-life)
vivid Does not exist
wily Not vulnerable (1.5.0-1)
xenial Not vulnerable (1.5.0-1)
yakkety Not vulnerable (1.5.0-1)
zesty Not vulnerable (1.5.0-1)

Patches:
upstream: http://www.libssh2.org/CVE-2015-1782.patch