Out Of Bounds Read

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process by sending malicious SSH packet with a padding length value greater than the packet length, which would result in an out-of-bounds read when the packet is decompressed...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process from an out-of-bounds read by sending an empty payload response packet to various commands such as read directory, file status, status vfs and symlink etc...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process from an out-of-bounds read by sending malicious response packet to various commands such as the sha1 and sha226 key exchange, user auth list, user auth password, public key auth etc...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process by sending a malicious SFTP packet with zero value for the payload length, causing zero-byte allocation that results in an out-of-bounds read...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. A malicious server could send a SSHMSGCHANNELREQUEST packet with an exit signal message having a length of maximum unsigned integer value. This results in a length value of 1, which would cause a memory write out of bounds error or zero byte allocati...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. An integer overflow in the keyboard interactive handling allows a malicious server to crash the process resulted from an unchecked integer that leads to an out-of-bounds write error...

Denial Of Service (DoS)

libssh2.so is vulnerable to denial of service. A malicious server is able to cause a crash resulted from an unchecked integer overflow by sending a malicious packet to cause an out-of-bounds write error...

Slackware 14.2 / current : libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-077-01. The text itself is copyright C Slackware Linux, Inc...

[slackware-security] libssh2

New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libssh2-1.8.1-i586-1slack14.2.txz: Upgraded. Fixed several security issues. For more information, see:...

libssh2 Multiple Security Vulnerabilities

Description libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. Technologies Affected Oracle Linux...

libssh2 -- multiple issues

libssh2 developers report: Defend against possible integer overflows in compmethodzlibdecomp. Defend against writing beyond the end of the payload in libssh2transportread. Sanitize paddinglength - libssh2transportread. This prevents an underflow resulting in a potential out-of-bounds read if a...

[SECURITY] [DSA 4377-3] rssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...

Security Bulletin: Vulnerability in libssh2 affects IBM Flex System Chassis Management Module (CVE-2016-0787)

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerability in libssh2. Vulnerability Details Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerability in libssh2. Vulnerability Details CVE-ID: CVE-2016-0787 Description:...

Security Bulletin: Vulnerability in libssh2 affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0787)

Summary Vulnerability in libssh2 affects IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter. Vulnerability Details Summary Vulnerability in libssh2 affects IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and...

Weak Diffie-Hellman Handshake Due To Truncated Secret Length

libssh2 is vulnerable to weak handshakes. The vulnerability happens because diffiehellmansha256 function in kex.c in libssh2 generates secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing the attackers to intercept or decrypt SSH sessions using bits/bytes confusion bug...

Security Bulletin: A vulnerability in libssh2 affects PowerKVM (CVE-2016-0787)

Summary PowerKVM is affected by a vulnerability in libssh2. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a...

Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782)

Summary A vulnerability in libssh2 CVE-2015-1782 affects PowerKVM. Vulnerability Details CVEID: CVE-2015-1782 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an error in kexagreemethods function. By sending a specially-craftedlity to cause the system to stop responding...

Security Bulletin: IBM Security Access Manager for Mobile is affected by a vulnerability in libssh2 (CVE-2016-0787)

Summary A vulnerability in libssh2 affects IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amou...

Security Bulletin: libssh2 vulnerability affects IBM Identity Security Governance (CVE-2016-0787)

Summary A libssh2 could provide weaker than expected security vulnerability affects IBM Identity Security Governance Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting i...

Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787)

Summary The libssh2 packages provide a library that implements the SSHv2 protocol. A security vulnerability has been discovered in libssh2 used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused...