libssh2: information leak

Package(s): libssh2
CVE #(s): CVE-2015-1782
Created: March 11, 2015
Updated: December 22, 2015
Description: From the Debian advisory:

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.

Alerts:
Scientific Linux SLSA-2015:2140-7 libssh2 2015-12-21
Oracle ELSA-2015-2140 libssh2 2015-11-23
Red Hat RHSA-2015:2140-07 libssh2 2015-11-19
Fedora FEDORA-2015-3791 libssh2 2015-03-30
Mandriva MDVSA-2015:148 libssh2 2015-03-29
Mandriva MDVSA-2015:148-1 libssh2 2015-03-29
Fedora FEDORA-2015-3797 libssh2 2015-03-19
openSUSE openSUSE-SU-2015:0534-1 libssh2_org 2015-03-19
Debian-LTS DLA-171-1 libssh2 2015-03-14
Mageia MGASA-2015-0107 libssh2 2015-03-12
Debian DSA-3182-1 libssh2 2015-03-11
