CVE-2017-18594

Published: 29 August 2019

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
nmap
Launchpad, Ubuntu, Debian
Upstream
Released (7.80+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(7.80+dfsg1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(7.80+dfsg1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Ubuntu 12.04 ESM (Precise Pangolin) Needs triage

Patches:
Upstream: https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad