Sara Golemon

3 exploits, active since Mar 2017
CVE-2019-17498 WRITEUP HIGH
libssh2 < 1.9.0 - Integer Overflow in SSH_MSG_DISCONNECT Bounds Check
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVSS 8.1
CVE-2017-7189 WRITEUP HIGH
PHP 7.0.0-7.0.15 - Improper Input Validation in fsockopen Address Parsing
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.
CVSS 7.5
CVE-2017-7272 WRITEUP HIGH
PHP < 7.1.3 - Server-Side Request Forgery via fsockopen/pfsockopen Port Parsing
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVSS 7.4