Debian Libssh2 vulnerabilities

CVE-2023-48795 [MEDIUM] CVE-2023-48795: dropbear - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH bef... The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabl

CVE-2020-22218 [HIGH] CVE-2020-22218: libssh2 - An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows... An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. Scope: local bookworm: resolved (fixed in 1.10.0-2) bullseye: resolved (fixed in 1.9.0-2+deb11u1) forky: resolved (fixed in 1.10.0-2) sid: resolved (fixed in 1.10.0-2) trixie: resolved (fixed in 1.10.0-2)

CVE-2019-3859 [CRITICAL] CVE-2019-3859: libssh2 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh... An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1.8.0-2.1) forky: resolv

CVE-2019-3855 [HIGH] CVE-2019-3855: libssh2 - An integer overflow flaw which could lead to an out of bounds write was discover... An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1.8.

CVE-2019-3862 [HIGH] CVE-2019-3862: libssh2 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH... An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1

CVE-2019-3863 [HIGH] CVE-2019-3863: libssh2 - A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH cli... A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error. Scope: local bookworm: resolved

CVE-2019-13115 [HIGH] CVE-2019-13115: libssh2 - In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exc... In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a use

CVE-2019-3856 [HIGH] CVE-2019-3856: libssh2 - An integer overflow flaw, which could lead to an out of bounds write, was discov... An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in

CVE-2019-3857 [HIGH] CVE-2019-3857: libssh2 - An integer overflow flaw which could lead to an out of bounds write was discover... An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bul

CVE-2019-3858 [MEDIUM] CVE-2019-3858: libssh2 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a special... An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1.8.0-2.1) forky: resolved (fix

CVE-2019-3861 [MEDIUM] CVE-2019-3861: libssh2 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH... An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1.8

CVE-2019-3860 [MEDIUM] CVE-2019-3860: libssh2 - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFT... An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Scope: local bookworm: resolved (fixed in 1.8.0-2.1) bullseye: resolved (fixed in 1.8.0-2.1) forky: resolved (fixed in 1.8.

CVE-2019-17498 [HIGH] CVE-2019-17498: libssh2 - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c... In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connect

CVE-2016-0787 [MEDIUM] CVE-2016-0787: libssh2 - The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly t... The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." Scope: local bookworm: resolved (fixed in 1.5.0-2.1) bullseye: resolved (fixed in 1.5.0-2.1) forky: r

CVE-2015-1782 [MEDIUM] CVE-2015-1782: libssh2 - The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to ... The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. Scope: local bookworm: resolved (fixed in 1.4.3-4.1) bullseye: resolved (fixed in 1.4.3-4.1) forky: resolved (fixed in 1.4.3-4.1) sid: resolved (fixed in 1.4.3-4.1)