CVE-2019-17498

CVE-2019-17498

Name

CVE-2019-17498

Description

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498
Exploit	https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480
Exploit	https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
Patch	https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c

Type

URI

Exploit

https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498

Exploit

https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480

Exploit

https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/

Patch

https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libssh2:libssh2::::::::`	libssh2	>= None	<= 1.9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*

libssh2

>= None

<= 1.9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libssh2	3.13-main	1.9.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
libssh2	3.12-main	1.9.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
libssh2	3.11-main	1.9.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
libssh2	3.10-main	1.9.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
libssh2	3.14-main	1.9.0-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

libssh2

3.13-main

1.9.0-r1

Natanael Copa <ncopa@alpinelinux.org>

fixed

libssh2

3.12-main