libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process by sending a malicious SSH packet with a padding length value greater than the packet length, which would result in an out-of-bounds read when the packet is decompressed.
Name | Operator | Version
---|---|---
libssh2.so | eq | 1.0.1
libssh2 | eq | 1.4.3__12.el7
libssh2 | eq | 1.4.3__12.el7_6.3
libssh2 | eq | 1.4.3__12.el7_6.2
libssh2 | le | 1.4.3.3
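The missing bounds check described above, written out as an added example (this is not libssh2's code). It assumes the RFC 4253 section 6 packet layout (`uint32 packet_length`, `byte padding_length`, payload, padding); the function name, the sample packets and `MAX_PACKET_LEN` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PACKET_LEN 35000u   /* assumed cap for this example */

/* Constructed sample packets: a well-formed one, and one whose
 * padding_length (200) exceeds its packet_length (3). */
const uint8_t sample_ok[]  = {0, 0, 0, 12, 4, 'p', 'a', 'y', 'l', 'o', 'a', 'd', 0, 0, 0, 0};
const uint8_t sample_bad[] = {0, 0, 0, 3, 200, 0, 0};

/* Hypothetical helper: validate the length fields of one decrypted SSH
 * packet held in buf[0..buf_len). On success returns 0 and stores the
 * payload length (payload starts at buf + 5); returns -1 to reject. */
int ssh_payload_bounds(const uint8_t *buf, size_t buf_len, size_t *payload_len)
{
    uint32_t packet_length;
    uint8_t padding_length;

    if (buf == NULL || payload_len == NULL || buf_len < 5)
        return -1;                       /* header incomplete */

    packet_length = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                    ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    padding_length = buf[4];

    if (packet_length < 1 || packet_length > MAX_PACKET_LEN)
        return -1;
    if ((size_t)packet_length > buf_len - 4)
        return -1;                       /* claims more than was received */

    /* Padding must fit inside the packet. Without this check,
     * packet_length - padding_length - 1 wraps to a huge unsigned value
     * and any later copy or decompression reads out of bounds. */
    if ((uint32_t)padding_length > packet_length - 1)
        return -1;

    *payload_len = (size_t)packet_length - padding_length - 1;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = ssh_payload_bounds(sample_ok, sizeof sample_ok, &n);
    printf("ok packet:  rc=%d payload_len=%zu\n", rc, n);
    printf("bad packet: rc=%d\n", ssh_payload_bounds(sample_bad, sizeof sample_bad, &n));
    return 0;
}
```
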