I found this patch: https://github.com/Cisco-Talos/clamav-mussels-cookbook/blob/master/recipes/libssh2-1.9-patches/CVE-2019-17498-integer-overflow.patch
(not mine)

On Thu, 11 Mar 2021 at 18:49, Sarathe, Omprakash <omprakash.sara...@siemens.com> wrote:

> Hi All,
>
> As per *CVE-2019-17498* there is a vulnerability with libssh2 version
> 1.9.0 (please see below for more detail). Can you please confirm the official
> release date of libssh2 having the *CVE-2019-17498* vulnerability fix?
>
> CVE-2019-17498
>
> *In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
> packet.c has an integer overflow in a bounds check, enabling an attacker to
> specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A
> crafted SSH server may be able to disclose sensitive information or cause a
> denial of service condition on the client system when a user connects to
> the server.*
>
> With Best Regards
> Omprakash
>
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
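The class of bug named in the quoted CVE text, an integer overflow inside a bounds check on an SSH_MSG_DISCONNECT payload, is shown below as an added example; it is not libssh2's code and not the linked patch. The function names and sample packets are constructed for illustration, and the layout (type byte, uint32 reason code, length-prefixed description) follows RFC 4253.

```c
#include <stddef.h>
#include <stdint.h>

#define SSH_MSG_DISCONNECT 1   /* message number from RFC 4253 */

/* Constructed sample packets: type, uint32 reason, uint32 length, payload. */
const unsigned char SAMPLE_OK[]  = {1, 0,0,0,2, 0,0,0,3, 'b','y','e', 0,0,0,0};
const unsigned char SAMPLE_BAD[] = {1, 0,0,0,2, 0xff,0xff,0xff,0xf8,
                                    'b','y','e', 0,0,0,0};

/* SSH integers are big-endian on the wire. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Weak check (hypothetical): header size plus the claimed length is added
 * in 32 bits, so a large claimed length wraps to a small sum and passes. */
int check_wrapping(uint32_t datalen, uint32_t claimed)
{
    uint32_t end = 9u + claimed;
    return end <= datalen;
}

/* Hardened check: subtract from the trusted total instead of adding to
 * the untrusted value, so nothing here can wrap. */
int check_safe(uint32_t datalen, uint32_t claimed)
{
    return datalen >= 9u && claimed <= datalen - 9u;
}

/* Returns the description length (and sets *desc if non-NULL),
 * or -1 if the packet is malformed. */
int parse_disconnect(const unsigned char *data, size_t datalen,
                     const unsigned char **desc)
{
    uint32_t claimed;
    if (datalen < 9 || data[0] != SSH_MSG_DISCONNECT)
        return -1;
    claimed = be32(data + 5);
    if (claimed > datalen - 9 || claimed > (uint32_t)INT32_MAX)
        return -1;
    if (desc)
        *desc = data + 9;
    return (int)claimed;
}
```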