CVE-2012-4562Improper Restriction of Operations within the Bounds of a Memory Buffer in Libssh

CWE-1898 documents7 sources
Severity
7.5HIGHNVD
EPSS
6.7%
top 8.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libssh
Timeline
PublishedNov 30
Latest updateMay 17

Description

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianlibssh/libssh< 0.5.3-1+3
NVDlibssh/libssh0.5.2+4

🔴Vulnerability Details

3
GHSA
GHSA-44f3-h584-r9pm: Multiple integer overflows in libssh before 02022-05-17
OSV
CVE-2012-4562: Multiple integer overflows in libssh before 02012-11-30
CVEList
CVE-2012-4562: Multiple integer overflows in libssh before 02012-11-30

📋Vendor Advisories

2
Ubuntu
libssh vulnerabilities2012-11-26
Debian
CVE-2012-4562: libssh - Multiple integer overflows in libssh before 0.5.3 allow remote attackers to caus...2012

💬Community

2
Bugzilla
CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-4562 libssh various flaws [fedora-all]2012-11-20
Bugzilla
CVE-2012-4562 libssh: multiple improper overflow checks2012-10-30