CVE-2019-17498

Published: 21 October 2019

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
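The bug class described above, a bounds check whose unsigned subtraction wraps, shown beside a cursor-based parser that compares every length against the bytes actually left. This is an added illustration, not libssh2's code or the upstream patch: the function names, struct and sample packets are constructed here, and the constant 13 in the weak check is an assumption (the four fixed-size fields, 1 + 4 + 4 + 4 bytes).

```c
/* Added illustration, not libssh2 source. Layout per RFC 4253 section 11.1:
 * byte type (1), uint32 reason, string description, string language tag. */
#include <stddef.h>
#include <stdint.h>
struct disconnect { uint32_t reason, desc_len, lang_len;
                    const unsigned char *desc, *lang; };
/* Constructed samples: well-formed, and 9 bytes claiming a huge description. */
const unsigned char SAMPLE_OK[] = {1, 0,0,0,11, 0,0,0,3,'b','y','e', 0,0,0,2,'e','n'};
const unsigned char SAMPLE_BAD[] = {1, 0,0,0,11, 0xff,0xff,0xff,0xf0};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak pattern: len - 13 is unsigned, so for len < 13 it wraps to a huge
 * value and any peer-chosen desc_len passes. Returns 1 if accepted. */
int weak_check_accepts(size_t len, uint32_t desc_len)
{
    return desc_len < len - 13;
}

/* Hardened: hand out n bytes only if n remain; subtract after comparing. */
static int take(const unsigned char **p, size_t *left, size_t n,
                const unsigned char **out)
{
    if (n > *left) return -1;
    *out = *p; *p += n; *left -= n;
    return 0;
}
static int take_str(const unsigned char **p, size_t *left,
                    const unsigned char **s, uint32_t *n)
{
    const unsigned char *h;
    if (take(p, left, 4, &h)) return -1;
    *n = be32(h);
    return take(p, left, *n, s);
}

/* Returns 0 on success, -1 if any field runs past the packet. */
int parse_disconnect(const unsigned char *d, size_t len, struct disconnect *m)
{
    const unsigned char *f;
    if (take(&d, &len, 1, &f) || f[0] != 1) return -1;
    if (take(&d, &len, 4, &f)) return -1;
    m->reason = be32(f);
    if (take_str(&d, &len, &m->desc, &m->desc_len)) return -1;
    return take_str(&d, &len, &m->lang, &m->lang_len);
}
```

The weak check accepts the 9-byte sample because `9 - 13` wraps, while `parse_disconnect` rejects it before any out-of-bounds pointer is formed.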

From the Ubuntu security team

It was discovered that libssh2 incorrectly handled bound checks in SSH_MSG_DISCONNECT. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package: libssh2 (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Needed
groovy     Ignored (reached end-of-life)
hirsute    Not vulnerable (1.9.0-1)
impish     Not vulnerable (1.9.0-1)
jammy      Not vulnerable (1.9.0-1)
precise    Does not exist
trusty     Needs triage
upstream   Released (1.9.0-1, 1.4.3-4.1+deb8u6)
xenial     Ignored (end of standard support, was needed)

Patches:
upstream: https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94