{"id":"CVE-2019-17498","details":"In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.","modified":"2026-05-15T12:03:42.899508107Z","published":"2019-10-21T22:15:10.523Z","related":["SUSE-RU-2023:4066-1","SUSE-RU-2023:4192-1","SUSE-SU-2019:14206-1","SUSE-SU-2019:14226-1","SUSE-SU-2019:2900-1","SUSE-SU-2019:2900-2","SUSE-SU-2019:2936-1","SUSE-SU-2020:3551-1","openSUSE-SU-2019:2483-1","openSUSE-SU-2020:2126-1","openSUSE-SU-2020:2129-1","openSUSE-SU-2024:10999-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"30"},{"last_affected":"31"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1.9.0"}],"cpes":["cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"],"vendor_product":"libssh2:libssh2"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.1"}],"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"vendor_product":"opensuse:leap"}]},"references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220909-0004/"},{"type":"FIX","url":"https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"},{"type":"ARTICLE","url":"https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"},{"type":"EVIDENCE","url":"https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"},{"type":"EVIDENCE","url":"https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}