MGASA-2019-0343
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 30 Nov 2019, 13:06
Last modified:16 Apr 2026, 04:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Nov 2019, 13:06
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated
Description
Updated libssh2 packages fix security vulnerability The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)
Affected Systems
- mageia•libssh2
< 1.8.2-1.1.mga7
References (6)
- https://advisories.mageia.org/MGASA-2019-0343.html
- https://bugs.mageia.org/show_bug.cgi?id=25704
- https://www.debian.org/lts/security/2019/dla-1991
- https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562
- https://security-tracker.debian.org/tracker/CVE-2019-17498