CVE-2007-1654

Name of the Vulnerable Software and Affected Versions: NetSieben SSH Library (ne7ssh) versions prior to 1.2.1

Description: The issue is related to a buffer overflow in the Ne7sshSftp::addOpenHandle function, which can be triggered by user-assisted remote SFTP servers. This can cause a denial of service (crash) or possibly allow the execution of arbitrary code via multiple file transfers. The vulnerability is specifically related to multiple open file handles in SFTP put and get operations.

Recommendations: For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the number of open file handles in SFTP operations to minimize the risk of exploitation.