ELSA-2019-2136 -- Oracle libssh2ID: oval:org.secpod.oval:def:1504394 | Date: (C)2021-01-10 (M)2023-11-13 |
Class: PATCH | Family: unix |
[1.8.0-3] - sanitize public header file [1.8.0-2] - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes - fix out-of-bounds memory comparison with specially crafted message channel request - fix out-of-bounds reads with specially crafted SSH packets - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read - fix integer overflow in SSH packet processing channel resulting in out of bounds write - fix integer overflow in keyboard interactive handling resulting in out of bounds write - fix integer overflow in transport read resulting in out of bounds write [1.8.0-1] - rebase to 1.8.0