Описание
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.11.2-1 |
| esm-infra/bionic | released | 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4 |
| esm-infra/focal | released | 0.9.3-2ubuntu2.5+esm1 |
| esm-infra/xenial | released | 0.6.3-4.3ubuntu0.6+esm2 |
| jammy | released | 0.9.6-2ubuntu0.22.04.4 |
| noble | released | 0.10.6-2ubuntu0.1 |
| oracular | released | 0.10.6-3ubuntu1.1 |
| plucky | released | 0.11.1-1ubuntu0.1 |
| upstream | released | 0.11.2 |
Показывать по
4.5 Medium
CVSS3
Связанные уязвимости
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
There's a vulnerability in the libssh package where when a libssh cons ...
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
Уязвимость функции ssh_get_fingerprint_hash() библиотеки libssh, позволяющая нарушителю выполнить произвольный код
4.5 Medium
CVSS3