NVD Vulnerability Detail

CVE-2019-17498

Summary	In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Publication Date	Oct. 22, 2019, 7:15 a.m.
Registration Date	Jan. 26, 2021, 11:40 a.m.
Last Update	Nov. 21, 2024, 1:32 p.m.

CVSS3.1 : HIGH
スコア	8.1
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	5.8
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:libssh2:libssh2::::::::			1.9.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:fedoraproject:fedora:31:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:netapp:bootstrap_os:-:::::::*
execution environment
1	cpe:2.3:h:netapp:hci_compute_node:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html	Mailing List Third Party Advisory
3	http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
4	http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html
5	https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/	Broken Link
6	https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/	Broken Link
7	https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498	Exploit Third Party Advisory
8	https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498	Exploit Third Party Advisory
9	https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480	Exploit Third Party Advisory
10	https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480	Exploit Third Party Advisory
11	https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c	Patch Third Party Advisory
12	https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c	Patch Third Party Advisory
13	https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html	Mailing List Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html	Mailing List Third Party Advisory
15	https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html	Mailing List Third Party Advisory
16	https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html	Mailing List Third Party Advisory
17	https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
18	https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html
19	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
20	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
21	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
22	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
23	https://security.netapp.com/advisory/ntap-20220909-0004/	Third Party Advisory
24	https://security.netapp.com/advisory/ntap-20220909-0004/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

JVN Vulnerability Information

libssh2 における整数オーバーフローの脆弱性

Title	libssh2 における整数オーバーフローの脆弱性
Summary	libssh2 には、整数オーバーフローの脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 30, 2019, midnight
Registration Date	Oct. 30, 2019, 1:49 p.m.
Last Update	Oct. 30, 2019, 1:49 p.m.

Affected System

libssh2.org

libssh2 1.9.0 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-17498	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498
National Vulnerability Database (NVD)
2	CVE-2019-17498	https://nvd.nist.gov/vuln/detail/CVE-2019-17498

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html

ベンダー情報

No	Name	URL
GitHub
1	libssh2/src/packet.c	https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480
2	packet.c: improve message parsing #402	https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94

Change Log

No	Changed Details	Date of change
1	[2019年10月30日] 掲載	Oct. 30, 2019, 1:49 p.m.