SB2019072204 - Integer overflow in libssh2

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2019-13115)

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists due to integer overflow in the "kex_method_diffie_hellman_group_exchange_sha256_key_exchange" function in the "kex.c" file. A remote attacker can trick a victim to connect to an attacker-controlled Secure Shell (SSH) server, which would allow the attacker to send packets that submit malicious input to the targeted system, trigger integer overflow leading to an out-of-bounds write condition and execute arbitrary code or cause a DoS condition.

Remediation

Install update from vendor's website.

References

• https://blog.semmle.com/libssh2-integer-overflow/
• https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa
• https://github.com/libssh2/libssh2/pull/350
• https://libssh2.org/changes.html