In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
History
12 Jun 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Oct 2022, 21:08
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220909-0004/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* |
09 Sep 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2022, 21:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html - Mailing List, Third Party Advisory | |
References | (MISC) https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ - Broken Link |
18 Dec 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-10-21 22:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-17498
Mitre link : CVE-2019-17498
CVE.ORG link : CVE-2019-17498
JSON object : View
Products Affected
debian
- debian_linux
netapp
- element_software
- bootstrap_os
- hci_management_node
- solidfire
- active_iq_unified_manager
- hci_compute_node
- ontap_select_deploy_administration_utility
opensuse
- leap
fedoraproject
- fedora
libssh2
- libssh2
CWE
CWE-190
Integer Overflow or Wraparound