CVE-2019-17498

HIGH

libssh2 < 1.9.0 - Integer Overflow in SSH_MSG_DISCONNECT Bounds Check

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17498. PoCs published by Timon-L.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2019-17498, targeting a setuid program used to update player scores. The code demonstrates a vulnerability in the `adjust_score.c` file, likely involving improper input validation or buffer overflows.

Description

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Exploits (1)

nomisec WORKING POC
by Timon-L · poc
https://github.com/Timon-L/3007Project

This repository contains a functional exploit PoC for CVE-2019-17498, targeting a setuid program used to update player scores. The code demonstrates a vulnerability in the `adjust_score.c` file, likely involving improper input validation or buffer overflows.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Custom setuid program (adjust_score)
No auth needed
Prerequisites: Access to the vulnerable setuid binary · Ability to execute the binary
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (12)

Core 12
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html

Scores

CVSS v3 8.1
EPSS 0.0379
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-190
Status published
Products (12)
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 30
fedoraproject/fedora 31
libssh2/libssh2 < 1.9.0
netapp/active_iq_unified_manager
netapp/bootstrap_os
netapp/element_software
netapp/hci_management_node
netapp/ontap_select_deploy_administration_utility
... and 2 more
Published Oct 21, 2019
Tracked Since Feb 18, 2026