PT-2015-5441 · Libssh2+4 · Libssh2+4

Mariusz Ziulek

Published

2015-03-10

Updated

2024-06-15

CVE-2015-1782

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.5.0

Description The issue allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH MSG KEXINIT packet. This is related to the kex agree methods function in libssh2.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to SSH services to minimize the risk of exploitation.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-2026

ALT-PU-2018-2261

CESA-2015_2140

CVE-2015-1782

DLA-171-1

DSA-3182-1

MGASA-2015-0107

OPENSUSE-SU-2024:10190-1

RHSA-2015:2140

RHSA-2015_2140

SUSE-RU-2023:4066-1

SUSE-SU-2015:0669-1

SUSE-SU-2015:0676-1

SUSE-SU-2015_0669-1

SUSE-SU-2015_0676-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Libssh2

PT-2015-5441 · Libssh2+4 · Libssh2+4

CVE-2015-1782

Weakness Enumeration

Related Identifiers

Affected Products

References · 50