libssh2.so is vulnerable to denial of service. A malicious server can crash the process by sending an SFTP packet whose payload length is zero: the resulting zero-byte allocation leads to an out-of-bounds read.

CPE Name | Operator | Version
---|---|---
libssh2.so | le | 1.0.1-1
libssh2 | eq | 1.4.3__12.el7
libssh2 | eq | 1.4.3__12.el7_6.3
libssh2 | eq | 1.4.3__12.el7_6.2
libssh2 | le | 1.4.3.3
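
The length check that prevents the zero-length case in the description above, as an added example (not libssh2's code and not its patch): an SFTP packet is a big-endian uint32 length followed by a type byte and the body, so a length of 0 leaves nothing to read the type from. The names `sftp_parse_packet`, `struct sftp_packet`, the error codes and the `SFTP_MAX_PACKET` cap are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SFTP_MAX_PACKET 262144u /* assumed upper bound for this example */

enum { SFTP_OK = 0, SFTP_ERR_SHORT = -1, SFTP_ERR_LENGTH = -2, SFTP_ERR_NOMEM = -3 };

struct sftp_packet {
    uint8_t  type;     /* first byte covered by the length field */
    uint8_t *body;     /* heap copy of the remaining bytes; NULL if none */
    size_t   body_len;
};

/* Parse one packet (uint32 big-endian length, type byte, body) from buf. */
int sftp_parse_packet(const uint8_t *buf, size_t avail, struct sftp_packet *out)
{
    memset(out, 0, sizeof *out);
    if (avail < 4)
        return SFTP_ERR_SHORT;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    /* A length of 0 has no room for the type byte: reject it before any
       allocation, instead of doing malloc(0) and then reading data[0]. */
    if (len < 1 || len > SFTP_MAX_PACKET)
        return SFTP_ERR_LENGTH;
    if (len > avail - 4)            /* peer announced more than it sent */
        return SFTP_ERR_SHORT;
    out->type = buf[4];
    out->body_len = len - 1;
    if (out->body_len > 0) {
        out->body = malloc(out->body_len);
        if (out->body == NULL)
            return SFTP_ERR_NOMEM;
        memcpy(out->body, buf + 5, out->body_len);
    }
    return SFTP_OK;
}

int main(void)
{
    /* Constructed inputs: a zero-length packet and a 5-byte packet of type 101. */
    const uint8_t zero[] = {0, 0, 0, 0};
    const uint8_t good[] = {0, 0, 0, 5, 101, 0, 0, 0, 1};
    struct sftp_packet p;
    printf("zero-length: %d\n", sftp_parse_packet(zero, sizeof zero, &p));
    printf("well-formed: %d\n", sftp_parse_packet(good, sizeof good, &p));
    free(p.body);
    return 0;
}
```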