CVE-2012-4559
Gentoo Linux Security Advisory 201402-26
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Múltiples vulnerabilidades de doble liberación en las funciones (1) agent_sign_data en agent.c, (2) channel_request en channels.c, (3) ssh_userauth_pubkey en auth.c, (4) sftp_parse_attr_3 en sftp.c, y (5) try_publickey_from_file en keyfiles.c en libssh antes de v0.5.3 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de vectores no especificados.
Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.5.3 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-08-21 CVE Reserved
- 2012-11-30 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/11/20/3 | Mailing List |
|
| http://www.securityfocus.com/bid/56604 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=871612 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80218 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | <= 0.5.2 Search vendor "Libssh" for product "Libssh" and version " <= 0.5.2" | - |
Affected
| ||||||
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | 0.4.7 Search vendor "Libssh" for product "Libssh" and version "0.4.7" | - |
Affected
| ||||||
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | 0.4.8 Search vendor "Libssh" for product "Libssh" and version "0.4.8" | - |
Affected
| ||||||
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | 0.5.0 Search vendor "Libssh" for product "Libssh" and version "0.5.0" | - |
Affected
| ||||||
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | 0.5.0 Search vendor "Libssh" for product "Libssh" and version "0.5.0" | rc1 |
Affected
| ||||||
| Libssh Search vendor "Libssh" | Libssh Search vendor "Libssh" for product "Libssh" | 0.5.1 Search vendor "Libssh" for product "Libssh" and version "0.5.1" | - |
Affected
| ||||||