Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libssh2
(Libssh2)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-16 | CVE-2019-13115 | In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in... | Debian_linux, Traffix_systems_signaling_delivery_controller, Fedora, Libssh2, Cloud_backup, E\-Series_santricity_os_controller, Ontap_select_deploy_administration_utility | 8.1 | ||
| 2019-10-21 | CVE-2019-17498 | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | Debian_linux, Fedora, Libssh2, Active_iq_unified_manager, Bootstrap_os, Element_software, Hci_management_node, Ontap_select_deploy_administration_utility, Solidfire, Leap | 8.1 | ||
| 2023-08-22 | CVE-2020-22218 | An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. | Libssh2 | 7.5 | ||
| 2015-03-13 | CVE-2015-1782 | The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. | Debian_linux, Fedora, Libssh2 | N/A | ||
| 2016-04-13 | CVE-2016-0787 | The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | Debian_linux, Fedora, Libssh2, Opensuse | 5.9 |