Lucene search

K
freebsdFreeBSD6E58E1E9-2636-413E-9F84-4C0E21143628
HistoryMar 14, 2019 - 12:00 a.m.

libssh2 -- multiple issues

2019-03-1400:00:00
vuxml.freebsd.org
5

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.046 Low

EPSS

Percentile

92.4%

libssh2 developers report:

Defend against possible integer overflows in comp_method_zlib_decomp.
Defend against writing beyond the end of the payload in _libssh2_transport_read().
Sanitize padding_length - _libssh2_transport_read().
This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.
Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short.
Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlibssh2< 1.8.1,3UNKNOWN
FreeBSDanynoarchlinux-c6-libssh2< 1.4.2_7UNKNOWN
FreeBSDanynoarchlinux-c7-libssh2< 1.4.3_3UNKNOWN

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.046 Low

EPSS

Percentile

92.4%

Related for 6E58E1E9-2636-413E-9F84-4C0E21143628