Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3182-1
HistoryMar 11, 2015 - 12:00 a.m.

libssh2 - security update

2015-03-1100:00:00
Google
osv.dev
7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server. A
malicious attacker could man in the middle a real server and cause a
client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.2-1.1+deb7u1.

We recommend that you upgrade your libssh2 packages.

CPENameOperatorVersion
libssh2eq1.4.2-1.1

Related

redhat 1
archlinux 1
securityvulns 2
nessus 14
openvas 12
prion 1
oraclelinux 1
debian 3
ubuntucve 1
cve 1
fedora 3
ibm 2
freebsd 1
debiancve 1
altlinux 1
osv 1
mageia 1
centos 1
veracode 1
hackerone 1
redhat
redhat
(RHSA-2015:2140) Low: libssh2 security and bug fix update
2015-11-19 14:40:31
archlinux
archlinux
libssh2: out-of-bounds read
2015-04-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-15 00:00:00
libssh2 DoS
2015-03-15 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)
2015-03-30 00:00:00
FreeBSD : libssh2 -- denial of service vulnerability (9770d6ac-614d-11e5-b379-14dae9d210b8)
2015-09-23 00:00:00
Oracle Linux 7 : libssh2 (ELSA-2015-2140)
2015-11-24 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0669-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0107)
2022-01-28 00:00:00
RedHat Update for libssh2 RHSA-2015:2140-07
2015-11-20 00:00:00
prion
prion
Stack overflow
2015-03-13 14:59:00
oraclelinux
oraclelinux
libssh2 security and bug fix update
2015-11-23 00:00:00
debian
debian
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-11 11:04:21
[SECURITY] [DLA 171-1] libssh2 security update
2015-03-14 18:30:24
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-11 11:04:38
ubuntucve
ubuntucve
CVE-2015-1782
2015-03-13 00:00:00
cve
cve
CVE-2015-1782
2015-03-13 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: libssh2-1.5.0-1.fc20
2015-03-30 07:12:45
[SECURITY] Fedora 21 Update: libssh2-1.5.0-1.fc21
2015-03-19 18:44:02
[SECURITY] Fedora 22 Update: libssh2-1.5.0-1.fc22
2015-03-15 10:52:44
ibm
ibm
Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782)
2018-06-18 01:30:32
Security Bulletin: Vulnerability in libssh2 affects SAN Volume Controller and Storwize Family (CVE-2015-1782)
2023-03-29 01:48:02
freebsd
freebsd
libssh2 -- denial of service vulnerability
2015-01-25 00:00:00
debiancve
debiancve
CVE-2015-1782
2015-03-13 14:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt2
2015-11-25 00:00:00
osv
osv
libssh2 - security update
2015-03-14 00:00:00
mageia
mageia
Updated libssh2 packages fix CVE-2015-1782
2015-03-12 18:30:53
centos
centos
libssh2 security update
2015-11-30 19:41:07
veracode
veracode
Denial Of Service (DoS)
2017-01-27 08:55:57
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-3182-1
redhat1archlinux1securityvulns2nessus14openvas12prion1oraclelinux1debian3ubuntucve1cve1fedora3ibm2freebsd1debiancve1altlinux1osv1mageia1centos1veracode1hackerone1