
Debian: DLA-3559-1 Moderate: Libssh2 Denial Of Service Issue

Debian LTS, September 8, 2023
Several vulnerabilities were found in libssh2, a client-side C library implementing the SSH2 protocol, which could lead to denial of service or remote information disclosure when a client connects to a malicious or compromised server.

Summary

CVE-2019-13115

Kevin Backhouse discovered an integer overflow vulnerability in kex.c's
kex_method_diffie_hellman_group_exchange_sha256_key_exchange()
function, which could lead to an out-of-bounds read in the way
packets are read from the server. A remote attacker who compromises
an SSH server may be able to disclose sensitive information or cause
a denial of service condition on the client system when a user
connects to the server.

CVE-2019-17498

Kevin Backhouse discovered that the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, thereby enabling
an attacker to specify an arbitrary (out-of-bounds) offset for a
subsequent memory read. A malicious SSH server may be able to
disclose sensitive information or cause a denial of service
condition on the client system when a user connects to the server.
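As an added illustration of the bug class behind CVE-2019-13115 and CVE-2019-17498 (a length field taken from the peer is checked against a bound whose subtraction can wrap, so the check passes and the length becomes an out-of-bounds offset), here is a constructed C example. It is not libssh2's packet.c or kex.c: the message layout follows SSH_MSG_DISCONNECT from RFC 4253, but the function names, constants and sample packets are assumptions made for this demonstration. The unsafe parser computes `datalen - MIN_LEN` in `size_t` before establishing that `datalen >= MIN_LEN`, so a 10-byte packet carrying a description length of 0xFFFFFF00 passes the check and yields an offset billions of bytes past the buffer; the hardened parser establishes the minimum length first and rejects it. Both functions return the offset instead of dereferencing it, so the defect is observable as a value rather than a crash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout, loosely following SSH_MSG_DISCONNECT (RFC 4253, 11.1):
 *   byte    SSH_MSG_DISCONNECT
 *   uint32  reason code
 *   string  description   (uint32 length + bytes)
 *   string  language tag  (uint32 length + bytes)
 * Illustrative code only; names and constants are assumptions, not libssh2's. */
#define MSG_DISCONNECT 1
#define DESC_OFF       9   /* type(1) + reason(4) + description length(4) */
#define MIN_LEN        13  /* DESC_OFF + language-tag length field(4) */

static uint32_t rd_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Both parsers return the offset at which the language-tag length field would
 * be read, or -1 if the packet is rejected. They never dereference that offset,
 * so a bad bound shows up as a returned value instead of a crash. */

/* Vulnerable pattern: datalen - MIN_LEN is computed as size_t. When
 * datalen < MIN_LEN the subtraction wraps to a huge value and any
 * attacker-chosen description length passes the check. */
long long lang_offset_unsafe(const unsigned char *data, size_t datalen)
{
    if (datalen < DESC_OFF || data[0] != MSG_DISCONNECT)
        return -1;
    uint32_t desc_len = rd_u32(data + 5);
    if (desc_len <= datalen - MIN_LEN)          /* wraps when datalen < MIN_LEN */
        return (long long)DESC_OFF + desc_len;  /* may lie far past the buffer */
    return -1;
}

/* Hardened pattern: establish the minimum length first, then compare the
 * peer-supplied length against the remaining space; no subtraction can wrap. */
long long lang_offset_safe(const unsigned char *data, size_t datalen)
{
    if (datalen < MIN_LEN || data[0] != MSG_DISCONNECT)
        return -1;
    uint32_t desc_len = rd_u32(data + 5);
    if (desc_len <= datalen - MIN_LEN)          /* datalen >= MIN_LEN here */
        return (long long)DESC_OFF + desc_len;
    return -1;
}

/* Constructed sample packets (not captured traffic). */
/* Well-formed: reason 11, description "bye", empty language tag. */
const unsigned char GOOD_PKT[] = {
    MSG_DISCONNECT, 0, 0, 0, 11, 0, 0, 0, 3, 'b', 'y', 'e', 0, 0, 0, 0 };
const size_t GOOD_LEN = sizeof GOOD_PKT;

/* Malicious: only 10 bytes on the wire, description length 0xFFFFFF00. */
const unsigned char EVIL_PKT[] = {
    MSG_DISCONNECT, 0, 0, 0, 11, 0xFF, 0xFF, 0xFF, 0x00, 0x00 };
const size_t EVIL_LEN = sizeof EVIL_PKT;

int main(void)
{
    printf("good packet: unsafe=%lld safe=%lld\n",
           lang_offset_unsafe(GOOD_PKT, GOOD_LEN),
           lang_offset_safe(GOOD_PKT, GOOD_LEN));
    printf("evil packet (%zu bytes): unsafe=%lld safe=%lld\n", EVIL_LEN,
           lang_offset_unsafe(EVIL_PKT, EVIL_LEN),
           lang_offset_safe(EVIL_PKT, EVIL_LEN));
    return 0;
}
```

The fix is purely in the ordering of the checks: the hardened version says nothing about the message that the unsafe one does not, it just refuses to subtract before it knows the result cannot go below zero. The same review question applies to the DH group-exchange length handling in kex.c named in CVE-2019-13115: for every `a - b` or `a + b` that feeds a bounds check, ask whether the peer controls either operand.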

CVE-2020-22218

An issue was discovered in function _libssh2_packet_add(), which



Package: libssh2
Version: 1.8.0-2.1+deb10u1
CVE ID: CVE-2019-13115 CVE-2019-17498 CVE-2020-22218
Debian Bug: 932329 943562
