Vulnerability Description
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libssh2 | Libssh2 | <= 1.9.0 |
| Fedoraproject | Fedora | 30 |
| Opensuse | Leap | 15.1 |
| Debian | Debian Linux | 8.0 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Element Software | - |
| Netapp | Hci Management Node | - |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Solidfire | - |
| Netapp | Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.htmlMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.htm
- https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/Broken Link
- https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec68ExploitThird Party Advisory
- https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64ExploitThird Party Advisory
- https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868fPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/11/msg00010.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/12/msg00013.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20220909-0004/Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.htmlMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.htm
- https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/Broken Link
FAQ
What is CVE-2019-17498?
CVE-2019-17498 is a vulnerability with a CVSS score of 8.1 (HIGH). In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a su...
How severe is CVE-2019-17498?
CVE-2019-17498 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17498?
Check the references section above for vendor advisories and patch information. Affected products include: Libssh2 Libssh2, Fedoraproject Fedora, Opensuse Leap, Debian Debian Linux, Netapp Active Iq Unified Manager.