#VU80523 Out-of-bounds write in libssh2 - CVE-2020-22218


Vulnerability identifier: #VU80523

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-22218

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libssh2
Client/Desktop applications / Software for system administration

Vendor: libssh2.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an uninitialized value within the _libssh2_transport_read() function in transport.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libssh2: 1.9.0

External links
https://github.com/libssh2/libssh2/pull/476
https://github.com/libssh2/libssh2/commit/0b44e558f311671f6e6d14c559bc1c9bda59b8df

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell SmartFabric Storage Software update for third-party components
Multiple vulnerabilities in PeopleSoft Enterprise PeopleTools
Multiple vulnerabilities in Dell XtremIO X2
Denial of service in F5OS libssh2 component
Denial of service in F5 BIG-IQ Centralized Management libssh2 component
Denial of service in F5 BIG-IP libssh2
Multiple vulnerabilities in Dell ObjectScale
Multiple vulnerabilities in Dell SmartFabric OS10
CentOS 7 update for libssh2
Multiple vulnerabilities in IBM Storage Defender - Data Protect