PT-2019-6253 · Libssh2+6 · Libssh2+6
Kevin Backhouse
·
Publicado
2019-07-01
·
Atualizado
2025-10-27
·
CVE-2019-17498
CVSS v2.0
8.8
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libssh2 versions 1.9.0 and earlier
Description
The issue is related to an integer overflow in the SSH MSG DISCONNECT logic in packet.c, which enables an attacker to specify an arbitrary offset for a subsequent memory read. This could allow a crafted SSH server to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Recommendations
For libssh2 versions 1.9.0 and earlier, consider disabling the
packet.c component until a patch is available to prevent potential exploitation. Restrict access to the SSH server to minimize the risk of sensitive information disclosure or denial of service. As a temporary workaround, avoid using the vulnerable packet.c logic in the SSH MSG DISCONNECT handling until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Centos
Red Hat
Suse
Ubuntu
Libssh2