And already committed on the master branch: https://github.com/libssh2/libssh2/pull/402

I hope that one day there will be an official release :)

Micka,

On Thu, 11 Mar 2021 at 19:28, Micka <mickamus...@gmail.com> wrote:

> I found this patch:
>
> https://github.com/Cisco-Talos/clamav-mussels-cookbook/blob/master/recipes/libssh2-1.9-patches/CVE-2019-17498-integer-overflow.patch
>
> (not mine)
>
> On Thu, 11 Mar 2021 at 18:49, Sarathe, Omprakash <omprakash.sara...@siemens.com> wrote:
>
>> Hi All,
>>
>> As per *CVE-2019-17498* there is a vulnerability with libssh2 version 1.9.0 (please see below for more detail). Can you please confirm the official release date of libssh2 having the *CVE-2019-17498* vulnerability fix?
>>
>> CVE-2019-17498
>>
>> *In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.*
>>
>> With Best Regards
>>
>> Omprakash
>>
>> _______________________________________________
>> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
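The bug class named in the quoted CVE description, an integer overflow in a bounds check that lets an untrusted length select an out-of-bounds read offset, shown beside a hardened check. This is an added example, not code from libssh2's packet.c or from the linked patch; the 9-byte header layout, `check_weak`, `check_safe` and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): 1-byte type, 4-byte code, 4-byte text length. */
#define HDR 9u

/* Big-endian 32-bit read, the encoding SSH uses for uint32 fields. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak form: HDR + text_len is evaluated in 32 bits and wraps, so a huge
 * text_len passes the check. Returns 1 if the packet is accepted and stores
 * the offset a parser would read from next. */
int check_weak(const unsigned char *pkt, uint32_t pkt_len, uint64_t *next_off)
{
    uint32_t text_len;
    if (pkt_len < HDR) return 0;
    text_len = be32(pkt + 5);
    if (HDR + text_len > pkt_len)           /* wraps when text_len > UINT32_MAX - 9 */
        return 0;
    *next_off = (uint64_t)HDR + text_len;   /* 64-bit offset does not wrap */
    return 1;
}

/* Hardened form: compare the untrusted length with the bytes that remain.
 * pkt_len - HDR cannot underflow because pkt_len >= HDR was checked first. */
int check_safe(const unsigned char *pkt, uint32_t pkt_len, uint64_t *next_off)
{
    uint32_t text_len;
    if (pkt_len < HDR) return 0;
    text_len = be32(pkt + 5);
    if (text_len > pkt_len - HDR)
        return 0;
    *next_off = (uint64_t)HDR + text_len;
    return 1;
}

int main(void)
{
    /* Constructed packet: type 1, code 0, text length 0xFFFFFFFF, 4 text bytes. */
    const unsigned char pkt[13] = {1, 0,0,0,0, 0xFF,0xFF,0xFF,0xFF, 'a','b','c','d'};
    uint64_t weak_off = 0, safe_off = 0;
    int weak = check_weak(pkt, sizeof pkt, &weak_off);
    int safe = check_safe(pkt, sizeof pkt, &safe_off);
    printf("weak accepts=%d next_off=%llu, safe accepts=%d\n",
           weak, (unsigned long long)weak_off, safe);
    return 0;
}
```

The weak check accepts the 13-byte packet and yields a next-read offset of 4294967304, far past the buffer; the hardened check rejects it.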