Integer overflow in libssh2



Published: 2019-07-22
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-13115
CWE-ID: CWE-190
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software:
libssh2
Client/Desktop applications / Software for system administration

Vendor: libssh2.org

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU19258

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13115

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists due to an integer overflow in the "kex_method_diffie_hellman_group_exchange_sha256_key_exchange" function in the "kex.c" file. A remote attacker can trick a victim into connecting to an attacker-controlled Secure Shell (SSH) server, which can then send packets that submit malicious input to the targeted system, triggering an integer overflow that leads to an out-of-bounds write condition and allows arbitrary code execution or a DoS condition.
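The bug class described above (CWE-190 feeding an out-of-bounds access) is illustrated below on an SSH-style length-prefixed field. This is an added example, not libssh2's code or its patch; the function names and both packets are hypothetical and constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample packets (not captured traffic): one SSH-style string
 * field, i.e. a big-endian uint32 length followed by the data (RFC 4251). */
static const unsigned char benign_pkt[]   = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const unsigned char wrapping_pkt[] = {0xFF, 0xFF, 0xFF, 0xFC, 'a', 'b', 'c', 'd'};

static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Wrap-prone bounds check (hypothetical): off + 4 + len is evaluated in
 * 32 bits, so a length near UINT32_MAX wraps to a small "end" and passes.
 * Only the check is computed; nothing is copied. Needs off + 4 <= pkt_len. */
int unsafe_check_passes(const unsigned char *pkt, uint32_t pkt_len, uint32_t off)
{
    uint32_t len = get_u32(pkt + off);
    uint32_t end = off + 4 + len;            /* may wrap around */
    return end <= pkt_len;
}

/* Hardened reader (hypothetical): only subtractions that cannot underflow,
 * so the declared length is compared with the bytes actually remaining. */
int safe_get_string(const unsigned char *pkt, size_t pkt_len, size_t off,
                    const unsigned char **out, size_t *out_len)
{
    if (off > pkt_len || pkt_len - off < 4)
        return -1;                           /* no room for the length field */
    uint32_t len = get_u32(pkt + off);
    if (len > pkt_len - off - 4)
        return -1;                           /* declared length exceeds packet */
    *out = pkt + off + 4;
    *out_len = len;
    return 0;
}

int main(void)
{
    const unsigned char *s; size_t n;
    printf("wrapping packet: unsafe check=%d safe reader=%d\n",
           unsafe_check_passes(wrapping_pkt, sizeof wrapping_pkt, 0),
           safe_get_string(wrapping_pkt, sizeof wrapping_pkt, 0, &s, &n));
    printf("benign packet: safe reader=%d\n",
           safe_get_string(benign_pkt, sizeof benign_pkt, 0, &s, &n));
    return 0;
}
```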


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

libssh2: 0.1 - 1.8.2

External links

http://blog.semmle.com/libssh2-integer-overflow/
http://github.com/libssh2/libssh2/compare/02ecf17...42d37aa
http://github.com/libssh2/libssh2/pull/350
http://libssh2.org/changes.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


