In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial-of-service condition on the client system when a user connects to the server.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Function", "source": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", "target": { "function": "_libssh2_packet_add", "file": "src/packet.c" }, "id": "CVE-2019-17498-4ecb2cf7", "digest": { "function_hash": "261505088534266311445285255293331755792", "length": 12097.0 }, "deprecated": false }, { "signature_version": "v1", "signature_type": "Line", "source": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", "target": { "file": "src/packet.c" }, "id": "CVE-2019-17498-53d4378e", "digest": { "threshold": 0.9, "line_hashes": [ "134169250891193118529304932879379553847", "205310250524678314934555577121318039325", "153129567552562233549023166857273037888", "178571371398251300229519893039166702638", "72145293158586770308147922030597846856", "26729110877010587858654623724348773108", "49362216656574584973624410357610951344", "321298245864012238897609765862223817780", "35928507602771519079905685860166519231", "154500373189842991817102946133806428940", "165260082386745301364993297193505505821", "224084172619535272672790341246973090398", "5356660278860416646992393454495665580", "215185288519949424268549841841085459888", "41027521565758756400721139453438296743", "261770080105454089080864056643957326646", "112577356930656868917282695859156546607", "266091588552765774451985637383685229894", "161769171353065646776261864065306578590", "106289505878685820278644300603721530175", "239192671667185276821494449931361882054", "119841806266198942322557246315210598842", "185703913995006478349460337437414305001", "162441443838476641014842705979708130684", "183245701107550523990847736687199011265", "50426275079859766355449435496213490799", "324037346491845418402829931648401701867", "179688840526055267239603553007128508269", "264669166455797101183041518857048771469", "44646834277421589325966971756374060949", "82508341436968592692150147669647547214", 
"79003347772182151645683941089650774376", "249863810074470457690593679896838544992", "253210672333095990954285753391413575534", "336128189688039022752011594700859913608", "153291091772006957249977471727743164452", "23965398749853137458110744797193196914", "269605763674799612557017037989398087974", "29582490785044912089364730362447932295", "258315015777790198444196601037297632797", "152978136810771868822522218180542514737", "57312958982436694499078779749389722939", "57734602486406847187201186044700211719", "51438989373981932051151411266176576083", "61635492046474294702511841284264092832", "219459798151302566118951099564811896122", "141584221698062118268403157313352537570", "303446371127046191600335366631671521471", "114603074537250694026974277582493472820" ] }, "deprecated": false } ] }