CVE-2019-17498
21.10.2019, 22:15
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libssh2 | libssh2 | 𝑥 ≤ 1.9.0 |
| opensuse | leap | 15.1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| netapp | active_iq_unified_manager | - |
| netapp | element_software | - |
| netapp | hci_management_node | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | solidfire | - |
| netapp | bootstrap_os | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libssh2-1 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libssh2-1-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libssh2-devel |
|
Red Hat Enterprise Linux Releases
References