CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0205)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by multiple vulnerabilities: - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attack...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Vulnerability (NS-SA-2019-0183)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by a vulnerability: - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are...

Amazon Linux 2 : libssh2 (ALAS-2019-1303)

An out of bounds read flaw was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3862 C Tenable...

Medium: libssh2

Issue Overview: An out of bounds read flaw was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

About the security content of Xcode 11.0 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

Critical Photon OS Security Update - PHSA-2019-0196

Updates of 'oniguruma', 'ruby', 'git', 'libmspack', 'libxslt', 'subversion', 'libssh2' packages of Photon OS have been released...

Photon OS 3.0: Libssh2 PHSA-2019-3.0-0026

An update of the libssh2 package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0026. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

NewStart CGSL CORE 5.05 / MAIN 5.05 : libssh2 Vulnerability (NS-SA-2019-0172)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libssh2 packages installed that are affected by a vulnerability: - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are...

NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)

The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...

libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5641535651053568 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5196894417977344 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

CentOS 7 : libssh2 (CESA-2019:2136)

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

DEBIAN-CVE-2017-18594

nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse...

CVE-2017-18594

nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse...

libssh2:ssh2_client_fuzzer: Crash in _libssh2_packet_add

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5670522204979200 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61110004e7ff...

libssh2:ssh2_client_fuzzer: Heap-buffer-overflow in kex_agree_methods

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5129964331991040 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

libssh2:ssh2_client_fuzzer: Crash in _libssh2_ntohu32

Project: https://github.com/cmeister2/libssh2.git Detailed Report: https://oss-fuzz.com/testcase?key=5705819873607680 Project: libssh2 Fuzzing Engine: libFuzzer Fuzz Target: ssh2clientfuzzer Job Type: libfuzzerasanlibssh2 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x60200a000116...