SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.1		CVSS Score : 5.8
Exploit Score: 2.8		Exploit Score: 8.6
Impact Score: 5.2		Impact Score: 4.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

FEDORA-2019-91529f19e4

FEDORA-2019-ec04c34768

https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html

https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html

http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html

https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/

https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498

https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480

https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c

https://security.netapp.com/advisory/ntap-20220909-0004/

openSUSE-SU-2019:2483


30479



423868



250039



909



195882



282