Vulnerability Description
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libssh | Libssh | <= 0.5.2 |
Related Weaknesses (CWE)
References
- http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99f
- http://www.debian.org/security/2012/dsa-2577
- http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/ (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=871612
FAQ
What is CVE-2012-6063?
CVE-2012-6063 is a vulnerability with a CVSS score of 7.5 (HIGH). Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified v...
How severe is CVE-2012-6063?
CVE-2012-6063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6063?
Check the references section above for vendor advisories and patch information. Affected products include: Libssh Libssh.