rpm package
suse/libssh2_org&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | Med | 5.9 | | < 1.11.0-150000.4.22.1 | 1.11.0-150000.4.22.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
| CVE-2020-22218 | — | | | < 1.9.0-150000.4.16.1 | 1.9.0-150000.4.16.1 | Aug 22, 2023 | An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. |
| CVE-2019-17498 | — | | | < 1.11.0-150000.4.19.1 | 1.11.0-150000.4.19.1 | Oct 21, 2019 | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive inf |