CVE-2019-17498

libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

En libssh2 versión v1.9.0 y anteriores, la lógica de la función SSH_MSG_DISCONNECT en el archivo packet.c presenta un desbordamiento de enteros en una comprobación de límites, lo que permite a un atacante especificar un desplazamiento arbitrario (fuera de límites) para una lectura de memoria posterior. Un servidor SSH diseñado puede ser capaz de revelar información confidencial o causar una condición de denegación de servicio en el sistema del cliente cuando un usuario conecta con el servidor.

Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-11 CVE Reserved
2019-10-21 CVE Published
2022-12-26 First Exploit
2024-08-05 CVE Updated
2025-06-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (16)

URL	Tag	Source
http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498	Broken Link
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html	Mailing List
https://security.netapp.com/advisory/ntap-20220909-0004	Third Party Advisory

URL	Date	SRC
https://packetstorm.news/files/id/172835	2023-06-12
https://github.com/Timon-L/3007Project	2022-12-26
https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498	2024-08-05
https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480	2024-08-05

URL	Date	SRC
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-17498	2021-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=1766898	2021-03-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	Bootstrap Os Search vendor "Netapp" for product "Bootstrap Os"	-	-	Affected	in	Netapp Search vendor "Netapp"	Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node"	-	-	Safe
Libssh2 Search vendor "Libssh2"		Libssh2 Search vendor "Libssh2" for product "Libssh2"				<= 1.9.0 Search vendor "Libssh2" for product "Libssh2" and version " <= 1.9.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Element Software Search vendor "Netapp" for product "Element Software"				-		-		Affected
Netapp Search vendor "Netapp"		Hci Management Node Search vendor "Netapp" for product "Hci Management Node"				-		-		Affected
Netapp Search vendor "Netapp"		Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire Search vendor "Netapp" for product "Solidfire"				-		-		Affected