libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5196894417977344 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

CentOS 7 : libssh2 (CESA-2019:2136)

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

DEBIAN-CVE-2017-18594

nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse...

CVE-2017-18594

nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse...

libssh2:ssh2_client_fuzzer: Crash in _libssh2_packet_add

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5670522204979200 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61110004e7ff...

libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in kex_agree_methods

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5129964331991040 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

libssh2:ssh2_client_fuzzer: Crash in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5705819873607680 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x60200a000116...

libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5651535966502912 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20190806)

The following packages have been upgraded to a later upstream version: libssh2 1.8.0. Security Fixes : - libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read CVE-2019-3858 - libssh2: Out-of-bounds reads with specially crafted SSH packets CVE-2019-386...

Critical Photon OS Security Update - PHSA-2019-0026

Updates of 'expat', 'postgresql', 'u-boot', 'grub2', 'haproxy', 'linux-esx', 'zeromq', 'linux', 'mysql', 'linux- secure', 'linux-aws', 'binutils', 'libssh2' packages of Photon OS have been released...

Amazon Linux AMI : libssh2 (ALAS-2019-1254)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.CVE-2019-3855 An integer...

libssh2 security, bug fix, and enhancement update

1.8.0-3 - sanitize public header file detected by rpmdiff 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - fix out-of-bounds reads wit...

CentOS 7 : libssh2 (CESA-2019:1884)

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 7 : libssh2 (RHSA-2019:2399)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2399 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: Integer overflow in transport read...

RHEL 7 : libssh2 (RHSA-2019:2136)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2136 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. The following packages have been upgraded to a later upstream...

Fedora 30 : libssh2 (2019-9d85600fc7)

A vulnerability was discovered in libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execut...

Oracle Linux 7 : libssh2 (ELSA-2019-1884)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1884 advisory. 1.4.3-12.0.1.el76.3 - Bump and rebuild. 1.4.3-12.el76.3 - fix out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 Tenab...

Fedora 29 : libssh2 (2019-5885663621)

A vulnerability was discovered in libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execut...

Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20190729)

Security Fixes : - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid127727; scriptversion"1.4";...

Amazon Linux 2 : libssh2 (ALAS-2019-1263)

An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3858 An out of bounds read flaw was discovered...