Описание
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Отчет
libssh2 as shipped with Red Hat Enterprise Linux 6, 7, and 8 are NOT affected by this flaw; libssh2 and libssh are different codebases and libssh2 does not contain the vulnerable code. Red Hat Product Security has set the impact of this flaw to Low because there is no demonstrated way for an attacker to reliably force a NULL pointer dereference via a code path in the affected libssh code.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libssh2 | Not affected | ||
| Red Hat Enterprise Linux 7 | libssh | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libssh2 | Not affected | ||
| Red Hat Enterprise Linux 8 | libssh2 | Not affected | ||
| Red Hat Enterprise Linux 8 | libssh | Fixed | RHSA-2021:4387 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | libssh | Fixed | RHSA-2021:4387 | 09.11.2021 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | redhat-virtualization-host | Fixed | RHSA-2021:4750 | 19.11.2021 |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
5.9 Medium
CVSS3