CVE-2015-1782 — MEDIUM (6.8)

Q: How severe is CVE-2015-1782?

CVE-2015-1782 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1782?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Libssh2 Libssh2, Fedoraproject Fedora.

Vulnerability Description

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	7.0
Libssh2	Libssh2	<= 1.4.3
Fedoraproject	Fedora	20

Related Weaknesses (CWE)

CWE-20

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3182Third Party Advisory
http://www.libssh2.org/adv_20150311.htmlVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:148Broken Link
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
http://www.securityfocus.com/bid/73061
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3182Third Party Advisory
http://www.libssh2.org/adv_20150311.htmlVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:148Broken Link
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h

FAQ

What is CVE-2015-1782?

CVE-2015-1782 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packe...

How severe is CVE-2015-1782?

CVE-2015-1782 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1782?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Libssh2 Libssh2, Fedoraproject Fedora.