CVE-2019-17498 vulnerability in Libssh2 and Other Products
Published on October 21, 2019

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-17498

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-17498 are published in these products:

Libssh2

Debian Linux

Fedora Project Fedora

OpenSuse Leap

NetApp Element Software

NetApp Ontap Select Deploy Administration Utility

NetApp Solidfire

NetApp Hci Management Node

NetApp Active Iq Unified Manager

Exploit Probability

EPSS

2.20%

Percentile

84.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-17498 vulnerability in Libssh2 and Other ProductsPublished on October 21, 2019

Products Associated with CVE-2019-17498

Exploit Probability

CVE-2019-17498 vulnerability in Libssh2 and Other Products
Published on October 21, 2019