libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process from an out-of-bounds read by sending malicious response packet to various commands such as the sha1
and sha226
key exchange, user auth list, user auth password, public key auth etc.
CPE | Name | Operator | Version |
---|---|---|---|
libssh2.so | le | 1.0.1-1.9.0-5.epel8.playground.x86_64.debug | |
libssh2 | le | 1.4.3.3 |