Your submission was sent successfully! Close

CVE-2017-18594

Published: 29 August 2019

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
nmap
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Not vulnerable
(7.80+dfsg1-1)
focal Not vulnerable
(7.80+dfsg1-1)
groovy Not vulnerable
(7.80+dfsg1-1)
hirsute Not vulnerable
(7.80+dfsg1-1)
impish Not vulnerable
(7.80+dfsg1-1)
jammy Not vulnerable
(7.80+dfsg1-1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (7.80+dfsg1-1)
xenial Needs triage

Patches:
upstream: https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad