CVE-2019-17498 — Integer Overflow or Wraparound in Libssh2
Severity
8.1HIGHNVD
EPSS
1.2%
top 20.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 21
Latest updateOct 15
Description
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 30, 31
Patches
🔴Vulnerability Details
4📋Vendor Advisories
5Oracle▶
Oracle Oracle Health Sciences Applications Risk Matrix: InForm Publisher (libssh2) — CVE-2019-17498↗2023-10-15
Microsoft▶
In libssh2 v1.9.0 and earlier versions the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subs↗2019-10-08
Debian▶
CVE-2019-17498: libssh2 - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c...↗2019
💬Community
7Bugzilla▶
CVE-2019-17498 libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c [fedora-all]↗2019-10-30
Bugzilla▶
CVE-2019-17498 mingw-libssh2: libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c [fedora-all]↗2019-10-30
Bugzilla
▶
Bugzilla▶
CVE-2019-17498 mingw-libssh2: libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c [epel-7]↗2019-10-30
Bugzilla▶
CVE-2019-17498 mingw-libssh2: libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c [fedora-all]↗2019-10-30