Описание
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
Отчет
Red Hat Product Security classified this vulnerability as having a Moderate severity. This happens because of the complexity of the attack, the possible misusage of the libssh API and the fact the attacker may not have full control over the positions and contents written into the heap. No supported Red Hat products are affected by this issue since only 32-bit builds are vulnerable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libssh | Not affected | ||
| Red Hat Enterprise Linux 6 | libssh2 | Not affected | ||
| Red Hat Enterprise Linux 7 | libssh2 | Not affected | ||
| Red Hat Enterprise Linux 8 | libssh | Not affected | ||
| Red Hat Enterprise Linux 9 | libssh | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.5 Medium
CVSS3
Связанные уязвимости
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
There's a vulnerability in the libssh package where when a libssh cons ...
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
EPSS
4.5 Medium
CVSS3