I found this patch :
(not mine)
Le jeu. 11 mars 2021 à 18:49, Sarathe, Omprakash <
omprakash.sarathe_at_siemens.com> a écrit :
> Hi All,
>
>
>
> As per *CVE-2019-17498* there is a vulnerability with libssh2 version
> 1.9.0(Please see below more detail). Can you please confirm the official
> release date of libssh2 having *CVE-2019-17498* vulnerability fix.
>
>
>
>
>
> CVE-2019-17498
>
> *In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
> packet.c has an integer overflow in a bounds check, enabling an attacker to
> specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A
> crafted SSH server may be able to disclose sensitive information or cause a
> denial of service condition on the client system when a user connects to
> the server.*
>
>
>
>
>
> With Best Regards
>
> Omprakash
>
>
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2021-03-11