CVE-2012-4559: Double Free in Libssh

CWE-399 | 13 documents | 7 sources
Severity: 7.5 HIGH (NVD)
NVD 6.8 | CNA 6.8 | OSV 6.8
EPSS: 5.0% (top 10.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 30
Latest update: May 17

Description

Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian | libssh/libssh | < 0.5.3-1 | +3
NVD | libssh/libssh | 0.5.2 | +4

🔴 Vulnerability Details (6)

GHSA | GHSA-fgm4-g835-pxpp: Double free vulnerability in the sftp_mkdir function in sftp | 2022-05-17
GHSA | GHSA-px93-6r58-rr4j: Multiple double free vulnerabilities in the (1) agent_sign_data function in agent | 2022-05-17
CVEList | CVE-2012-4559: Multiple double free vulnerabilities in the (1) agent_sign_data function in agent | 2012-11-30
OSV | CVE-2012-4559: Multiple double free vulnerabilities in the (1) agent_sign_data function in agent | 2012-11-30
OSV | CVE-2012-6063: Double free vulnerability in the sftp_mkdir function in sftp | 2012-11-30

📋 Vendor Advisories (3)

Ubuntu | libssh vulnerabilities | 2012-11-26
Debian | CVE-2012-6063: libssh - Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before ... | 2012
Debian | CVE-2012-4559: libssh - Multiple double free vulnerabilities in the (1) agent_sign_data function in agen... | 2012

💬 Community (2)

Bugzilla | CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-4562 libssh various flaws [fedora-all] | 2012-11-20
Bugzilla | CVE-2012-4559 CVE-2012-6063 libssh: multiple double free() flaws | 2012-10-30