libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| libssh2 | libssh2 | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | libssh2 | cert_advisory | 90% |
Updated severity to CRITICAL, marked patch as null, added new IOC URL, and included new CVE tags.
Updated severity to CRITICAL and CVSS score to 9.2.
Updated severity to HIGH, added affected version 1.11.1, and provided new patch version 1.11.1-3 along with additional CWE and tags.
Updated severity to HIGH, marked exploit as available, and added Denial of Service tag.
Updated severity to CRITICAL, changed exploit availability to false, and added a more detailed description of the vulnerability.
Initial creation
