Описание
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
Отчет
Red Hat Enterprise Linux 8 is shipped with a vulnerable version of nmap sources, however, the libssh2 module is explicitly excluded from compilation, and is thus not affected. A future update may fix the source. Red Hat Enterprise Linux 7 and older are shipped with nmap-6.40 and older, which do not contain the libssh2 module.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | nmap | Not affected | ||
| Red Hat Enterprise Linux 6 | nmap | Not affected | ||
| Red Hat Enterprise Linux 7 | nmap | Not affected | ||
| Red Hat Enterprise Linux 8 | nmap | Not affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
4.3 Medium
CVSS3