#VU80523 Out-of-bounds write in libssh2


Published: 2023-09-07

Vulnerability identifier: #VU80523

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-22218

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libssh2
Client/Desktop applications / Software for system administration

Vendor: libssh2.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an uninitialized value within the _libssh2_transport_read() function in transport.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libssh2: 1.9.0

External links
http://github.com/libssh2/libssh2/pull/476
http://github.com/libssh2/libssh2/commit/0b44e558f311671f6e6d14c559bc1c9bda59b8df

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


CentOS 7 update for libssh2
Multiple vulnerabilities in IBM Storage Defender - Data Protect
Multiple vulnerabilities in Dell EMC Enterprise SONiC
Multiple vulnerabilities in Juniper Secure Analytics (JSA)
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in Oracle Linux
Red Hat Enterprise Linux 7 update for libssh2
Amazon Linux AMI update for libssh2
SUSE update for libssh2_org
Ubuntu update for libssh2