CVE-2012-4562
Published 2012-11-30
Priority: P346, high. CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 12.85% (95.8th percentile)
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libssh | < libssh 0.5.3-1 (bookworm) | libssh 0.5.3-1 (bookworm) |
| libssh | libssh | <= 0.5.2 | — |
| libssh | libssh | — | — |
| libssh | libssh | — | — |
| libssh | libssh | — | — |
| libssh | libssh | — | — |
| libssh | libssh | >= 0 < 0.5.3-1 | 0.5.3-1 |
| libssh | libssh | >= 0 < 0.5.3-1 | 0.5.3-1 |
| libssh | libssh | >= 0 < 0.5.3-1 | 0.5.3-1 |
| libssh | libssh | >= 0 < 0.5.3-1 | 0.5.3-1 |
CVSS provenance
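| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 6.8 | MEDIUM | |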
GHSA
GHSA-44f3-h584-r9pm: Multiple integer overflows in libssh before 0
ghsa_unreviewed·2022-05-17
CVE-2012-4562 [HIGH] GHSA-44f3-h584-r9pm: Multiple integer overflows in libssh before 0
OSV
CVE-2012-4562: Multiple integer overflows in libssh before 0
osv·2012-11-30·CVSS 7.5
CVE-2012-4562 [HIGH] CVE-2012-4562: Multiple integer overflows in libssh before 0
Ubuntu
libssh vulnerabilities
vendor_ubuntu·2012-11-26·CVSS 6.8
CVE-2012-4559 [MEDIUM] libssh vulnerabilities
Title: libssh vulnerabilities
Summary: libssh could be made to crash or run programs if it received specially
crafted network traffic.
Xi Wang and Florian Weimer discovered that libssh incorrectly handled
memory. A remote attacker could use this to cause libssh to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2012-4562: libssh - Multiple integer overflows in libssh before 0.5.3 allow remote attackers to caus...
vendor_debian·2012·CVSS 7.5
CVE-2012-4562 [HIGH] CVE-2012-4562: libssh - Multiple integer overflows in libssh before 0.5.3 allow remote attackers to caus...
Scope: local
bookworm: resolved (fixed in 0.5.3-1)
bullseye: resolved (fixed in 0.5.3-1)
forky: resolved (fixed in 0.5.3-1)
sid: resolved (fixed in 0.5.3-1)
trixie: resolved (fixed in 0.5.3-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-4562 libssh various flaws [fedora-all]
bugzilla·2012-11-20·CVSS 6.8
CVE-2012-4559 [MEDIUM] CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-4562 libssh various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: th
Bugzilla
CVE-2012-4562 libssh: multiple improper overflow checks
bugzilla·2012-10-30·CVSS 7.5
CVE-2012-4562 [HIGH] CVE-2012-4562 libssh: multiple improper overflow checks
Florian Weimer of the Red Hat Product Security Team reported many instances of overflow checks in libssh's buffer.c that were incorrect:
if ((buffer->pos + hostlen) > buffer->used) {
This should probably be:
if (hostlen > buffer->used - buffer->pos) {
It seems this could be used to trigger a large memory allocation which is immediately freed, so this is mostly harmless (not exploitable for code execution or denial of service).
A similar problem occurs in buffer_add_data():
if (buffer->allocated < (buffer->used + len)) {
len should stand on its own.
Likewise in buffer_prepend_data():
if (buffer->allocated < (buffer->used - buffer->pos + len)) {
And buffer_pass_bytes(), buffer_pass_bytes_end(), buffer_get_mpint():
if(buffer->used < buffer->pos+len)
if
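The difference between the two forms of the check quoted in the report, as an added example (not libssh code and not part of the bug report). The struct, function names and sample values are constructed, and the fields are assumed to be 32-bit unsigned.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the fields the report names (assumed uint32_t). */
struct buf { uint32_t used, pos, allocated; };

/* Pattern flagged in the report: pos + len can wrap past UINT32_MAX,
 * so a huge len produces a small sum that passes the bounds test. */
static int read_fits_wrapping(const struct buf *b, uint32_t len) {
    return !((b->pos + len) > b->used);
}

/* Suggested form: len stands on its own. used - pos cannot wrap
 * as long as the invariant pos <= used holds, which is checked first. */
static int read_fits_checked(const struct buf *b, uint32_t len) {
    if (b->pos > b->used) return 0;
    return !(len > b->used - b->pos);
}

/* buffer_add_data()-style growth test with the same flaw: used + len may
 * wrap, so the buffer is judged large enough when it is not. */
static int needs_grow_wrapping(const struct buf *b, uint32_t len) {
    return b->allocated < (b->used + len);
}

/* Wrap-free version of the growth test. */
static int needs_grow_checked(const struct buf *b, uint32_t len) {
    if (b->used > b->allocated) return 1;
    return len > b->allocated - b->used;
}

int main(void) {
    struct buf b = { .used = 64, .pos = 16, .allocated = 128 };
    uint32_t lens[] = { 48u, 49u, 0xFFFFFFF8u };  /* constructed lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        printf("len=%#010x read: wrapping=%d checked=%d | grow: wrapping=%d checked=%d\n",
               (unsigned)lens[i],
               read_fits_wrapping(&b, lens[i]), read_fits_checked(&b, lens[i]),
               needs_grow_wrapping(&b, lens[i]), needs_grow_checked(&b, lens[i]));
    }
    return 0;
}
```

The two forms agree for in-range lengths and diverge only once the addition wraps, which is why this class of bug survives ordinary functional testing.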
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html
http://www.debian.org/security/2012/dsa-2577
http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2012:175
http://www.openwall.com/lists/oss-security/2012/11/20/3
http://www.securityfocus.com/bid/56604
http://www.ubuntu.com/usn/USN-1640-1
https://bugzilla.redhat.com/show_bug.cgi?id=871620
https://exchange.xforce.ibmcloud.com/vulnerabilities/80221