Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-29
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
| Products | Nmap |
| Type | Double Free (CWE-415) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF
• https://github.com/nmap/nmap/issues/1077 • https://seclists.org/nmap-announce/2019/0 • https://github.com/nmap/nmap/issues/1227 • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html |