Unrated severityNVD Advisory· Published Nov 30, 2012· Updated Apr 29, 2026

CVE-2012-6063

Description

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.

Affected products

Libssh/Libssh6 versions
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*range: <=0.5.2
- cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.libssh.org/2012/11/20/libssh-0-5-3-security-release/nvdVendor Advisory
git.libssh.org/projects/libssh.git/commit/nvd
www.debian.org/security/2012/dsa-2577nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000