CVE-2019-17498

HIGH

Libssh2 < 1.9.0 - Integer Overflow

Title source: rule
STIX 2.1

Description

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Exploits (1)

nomisec WORKING POC
by Timon-L · poc
https://github.com/Timon-L/3007Project

References (12)

Core 12
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html

Scores

CVSS v3 8.1
EPSS 0.0121
EPSS Percentile 79.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-190
Status published
Products (12)
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 30
fedoraproject/fedora 31
libssh2/libssh2 < 1.9.0
netapp/active_iq_unified_manager
netapp/bootstrap_os
netapp/element_software
netapp/hci_management_node
netapp/ontap_select_deploy_administration_utility
... and 2 more
Published Oct 21, 2019
Tracked Since Feb 18, 2026