SB2019101722 - Integer overflow in libssh2 (Alpine package)
Published: October 17, 2019
Security Bulletin ID
SB2019101722
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2019-17498)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or access sensitive information.
The vulnerability exists due to integer overflow in the "SSH_MSG_DISCONNECT" logic in "packet.c" in a bounds check. A remote attacker can specify an arbitrary (out-of-bounds) offset for a subsequent memory read, trigger out-of-bounds read, disclose sensitive information or cause a denial of service condition on the target system when a user connects to the malicious SSH server.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=d33ef701a0f9572919bab33d45f26a7e53ddb156
- https://git.alpinelinux.org/aports/commit/?id=db43cc6825c1432f1f003c621cee428ba844860f
- https://git.alpinelinux.org/aports/commit/?id=6c763143a08a56997ee6f88f9329cfc17d6b56b5
- https://git.alpinelinux.org/aports/commit/?id=7e5d7dd70d3c19875845f534826625d7071f222d
- https://git.alpinelinux.org/aports/commit/?id=abdf2ab6d79a67fd9049354e301836e75be57fce