796 matches found

Cent OS
added 2020/10/20 6:24 p.m. · 575 views

libssh2 security update

CentOS Errata and Security Advisory CESA-2020:3915 An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 8.1 · AI score 6.7 · EPSS 0.0142
Exploits 1 · References 7

Tenable Nessus
added 2020/10/20 12:0 a.m. · 60 views

CentOS 7 : libssh2 (RHSA-2020:3915)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3915 advisory. - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an...

CVSS 8.1 · AI score 6.8 · EPSS 0.0142
Exploits 1 · References 2

Oracle linux
added 2020/10/06 12:0 a.m. · 68 views

libssh2 security update

1.8.0-4 - fix integer overflow in SSH_MSG_DISCONNECT logic CVE-2019-17498 1.8.0-3 - sanitize public header file detected by rpmdiff 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix out-of-bounds memory comparison with specially...

CVSS 9.3 · AI score 2.2 · EPSS 0.16241
Exploits 1

Veracode
added 2020/10/01 3:53 a.m. · 32 views

Denial Of Service (DoS)

libssh2 is vulnerable to denial of service. The vulnerability exists through an integer overflow in SSH_MSG_DISCONNECT logic in packet.c which allows an attacker to cause an application crash...

CVSS 8.1 · AI score 7.8 · EPSS 0.0142
Exploits 1 · References 17 · Affected Software 1

Tenable Nessus
added 2020/09/30 12:0 a.m. · 33 views

RHEL 7 : libssh2 (RHSA-2020:3915)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3915 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: integer overflow in SSH_MSG_DISCONNECT logic in...

CVSS 8.1 · AI score 7.1 · EPSS 0.0142
Exploits 1 · References 6

RedHat Linux
added 2020/09/29 8:51 p.m. · 1 views

libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

CVSS 8.1 · AI score 7.1 · EPSS 0.0142
Exploits 1 · References 5

RedHat Linux
added 2020/09/29 8:51 p.m. · 56 views

Moderate: Red Hat Security Advisory: libssh2 security update

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.1 · AI score 6.7 · EPSS 0.0142
Exploits 1 · References 3

CBLMariner
added 2020/09/09 6:9 a.m. · 15 views

CVE-2019-17498 affecting package libssh2 1.9.0-1

CVE-2019-17498 affecting package libssh2 1.9.0-1. A patched version of the package is available...

CVSS 8.1 · AI score 9.9 · EPSS 0.0142
Exploits 1

Microsoft CVE
added 2020/08/18 7:0 a.m. · 1 views

In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

...

CVSS 8.1 · AI score 7.2 · EPSS 0.0142
Exploits 1

IBM Security Bulletins
added 2020/06/04 3:26 p.m. · 58 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2

Summary: The following vulnerabilities in libssh2 have been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details: CVEID: CVE-2019-3857 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a...

CVSS 9.3 · AI score 1.6 · EPSS 0.16241
Exploits 0 · Affected Software 2

IBM Security Bulletins
added 2020/06/04 2:52 p.m. · 45 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787)

Summary: The following vulnerability in libssh2 has been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details: CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the...

CVSS 5.9 · AI score 1 · EPSS 0.03148
Exploits 0 · Affected Software 2

Positive Technologies
added 2020/05/28 12:0 a.m. · 3 views

PT-2020-6930 · Libssh2 +6

Name of the Vulnerable Software and Affected Versions: libssh2 version 1.10.0 Description: An issue was discovered in the libssh2 packet add function that allows attackers to access out of bounds memory, potentially leading to a denial of service. This issue is related to a buffer overflow in the...

CVSS 8.1 · AI score 7 · EPSS 0.424
Exploits 2 · References 51

Tenable Nessus
added 2020/04/21 12:0 a.m. · 41 views

libssh2 < 1.8.1 Integer Overflow Vulnerability.

An integer overflow condition exists in libssh2 before 1.8.1 due to the way packets are read from the server. An authenticated, local attacker can exploit this if they have already compromised an SSH server. The attacker may be able to execute code on the system of users who connect to the SSH...

CVSS 9.3 · AI score 7.8 · EPSS 0.16241
Exploits 0 · References 2

OpenVAS
added 2020/04/16 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2020-1405)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 7.8 · EPSS 0.01122
Exploits 0 · References 2

Tenable Nessus
added 2020/04/15 12:0 a.m. · 23 views

EulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2020-1405)

According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server,...

CVSS 9.3 · AI score 6.6 · EPSS 0.01122
Exploits 0 · References 2

RedhatCVE
added 2020/04/08 5:3 a.m. · 32 views

CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

CVSS 9.1 · AI score 3.4 · EPSS 0.01176
Exploits 0 · References 4

RedhatCVE
added 2020/04/07 11:55 a.m. · 40 views

CVE-2019-3858

An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

CVSS 9.1 · AI score 2.8 · EPSS 0.02187
Exploits 0 · References 4

RedhatCVE
added 2020/04/05 5:2 p.m. · 40 views

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 9.3 · AI score 4.3 · EPSS 0.16241
Exploits 0 · References 3

RedhatCVE
added 2020/03/30 8:7 a.m. · 29 views

CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

CVSS 9.1 · AI score 4.2 · EPSS 0.00972
Exploits 0 · References 4

Tenable Nessus
added 2020/03/20 12:0 a.m. · 30 views

EulerOS Virtualization 3.0.2.2 : libssh2 (EulerOS-SA-2020-1282)

According to the version of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling a...

CVSS 8.1 · AI score 6.8 · EPSS 0.0142
Exploits 1 · References 2