SB2019101627 - Integer overflow in libssh2 (Alpine package)
Published: October 16, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2019-13115)
The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to an integer overflow in the "kex_method_diffie_hellman_group_exchange_sha256_key_exchange" function in the "kex.c" file. A remote attacker can trick a victim into connecting to an attacker-controlled Secure Shell (SSH) server, which allows the attacker to send packets that submit malicious input to the targeted system, trigger an integer overflow that leads to an out-of-bounds write, and execute arbitrary code or cause a DoS condition.
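The defensive pattern behind this class of bug, as an added C illustration (not libssh2's code and not a reconstruction of the patched function): parse the two mpints of an SSH DH group-exchange group message, check each server-supplied length against the bytes actually present, and refuse size arithmetic that would wrap a 32-bit value. The message layout follows RFC 4419; the type and function names are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed SSH_MSG_KEX_DH_GEX_GROUP body: mpint p, mpint g (RFC 4419). */
typedef struct { const uint8_t *p; uint32_t p_len; const uint8_t *g; uint32_t g_len; } gex_group;

/* Read one SSH string/mpint (uint32 length, then bytes). The length comes from
 * the server, so it is checked against the bytes actually left in the packet
 * before the cursor moves. Returns 0 on success, -1 on a malformed field. */
static int read_ssh_string(const uint8_t **cur, size_t *left,
                           const uint8_t **out, uint32_t *out_len)
{
    if (*left < 4) return -1;              /* no room for the length field */
    uint32_t len = ((uint32_t)(*cur)[0] << 24) | ((uint32_t)(*cur)[1] << 16) |
                   ((uint32_t)(*cur)[2] << 8)  |  (uint32_t)(*cur)[3];
    *cur += 4;
    *left -= 4;
    if (len > *left) return -1;            /* claims more bytes than were received */
    *out = *cur;
    *out_len = len;
    *cur += len;
    *left -= len;
    return 0;
}

/* Parse the message body; trailing bytes are treated as malformed. */
int parse_gex_group(const uint8_t *pkt, size_t pkt_len, gex_group *grp)
{
    const uint8_t *cur = pkt;
    size_t left = pkt_len;
    if (read_ssh_string(&cur, &left, &grp->p, &grp->p_len) != 0) return -1;
    if (read_ssh_string(&cur, &left, &grp->g, &grp->g_len) != 0) return -1;
    return left == 0 ? 0 : -1;
}

/* Bytes needed to hold both values with their 4-byte length prefixes, computed
 * in the 32-bit width the wire format uses. Refusing a wrapped sum is what keeps
 * a hostile length from becoming an under-sized buffer and a later OOB write. */
int gex_group_wire_size(const gex_group *grp, uint32_t *out)
{
    uint32_t total = 8;
    if (grp->p_len > UINT32_MAX - total) return -1;
    total += grp->p_len;
    if (grp->g_len > UINT32_MAX - total) return -1;
    total += grp->g_len;
    *out = total;
    return 0;
}
```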
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=d33ef701a0f9572919bab33d45f26a7e53ddb156
- https://git.alpinelinux.org/aports/commit/?id=db43cc6825c1432f1f003c621cee428ba844860f
- https://git.alpinelinux.org/aports/commit/?id=7e5d7dd70d3c19875845f534826625d7071f222d
- https://git.alpinelinux.org/aports/commit/?id=abdf2ab6d79a67fd9049354e301836e75be57fce
- https://git.alpinelinux.org/aports/commit/?id=eb32016b72283ff74dce8fb3cc88dd08388e5c7d
- https://git.alpinelinux.org/aports/commit/?id=f5dad6eecb361cad9925f93fb5731a369e1e0687
- https://git.alpinelinux.org/aports/commit/?id=21ea819c6bacbd5db33f986891363128655a77e1
- https://git.alpinelinux.org/aports/commit/?id=67790854e429c3bc73b13862d83ae4ce21b38f98
- https://git.alpinelinux.org/aports/commit/?id=9c414d1b72c4b7778b41503b5d9d4cc448a6a5c5