Description
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:148
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73061
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3182
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html
Vendor Advisory x_refsource_confirm
http://www.libssh2.org/adv_20150311.html
Scores
EPSS
0.0350
EPSS Percentile
87.8%
Details
CWE
CWE-20
Status
published
Products (5)
debian/debian_linux
7.0
fedoraproject/fedora
20
fedoraproject/fedora
21
fedoraproject/fedora
22
libssh2/libssh2
< 1.4.3
Published
Mar 13, 2015
Tracked Since
Feb 18, 2026