{"id":"CVE-2019-17498","details":"In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.","modified":"2026-04-02T01:41:52.474067Z","published":"2019-10-21T22:15:10.523Z","related":["MGASA-2019-0343","SUSE-RU-2023:4066-1","SUSE-RU-2023:4192-1","SUSE-SU-2019:14206-1","SUSE-SU-2019:14226-1","SUSE-SU-2019:2900-1","SUSE-SU-2019:2900-2","SUSE-SU-2019:2936-1","SUSE-SU-2020:3551-1","openSUSE-SU-2019:2483-1","openSUSE-SU-2020:2126-1","openSUSE-SU-2020:2129-1","openSUSE-SU-2024:10999-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"},{"type":"WEB","url":"http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220909-0004/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"},{"type":"FIX","url":"https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"},{"type":"ARTICLE","url":"https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"},{"type":"EVIDENCE","url":"https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe63635
10f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"},{"type":"EVIDENCE","url":"https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libssh2/libssh2","events":[{"introduced":"0"},{"last_affected":"42d37aa63129a1b2644bf6495198923534322d64"},{"fixed":"dedcbd106f8e52d5586b0205bc7677e4c9868f9c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.0"}]}}],"versions":["RELEASE.0.1","RELEASE.0.10","RELEASE.0.11","RELEASE.0.12","RELEASE.0.13","RELEASE.0.14","RELEASE.0.15","RELEASE.0.16","RELEASE.0.17","RELEASE.0.18","RELEASE.0.3","RELEASE.0.5","RELEASE.0.6","RELEASE.0.7","RELEASE.0.8","RELEASE.1.0","RELEASE.1.1","beforenb-0.14","beforenb2-0.14","libssh2-1.2","libssh2-1.2.1","libssh2-1.2.2","libssh2-1.2.3","libssh2-1.2.4","libssh2-1.2.5","libssh2-1.2.6","libssh2-1.2.7","libssh2-1.2.8","libssh2-1.2.9","libssh2-1.3.0","libssh2-1.4.0","libssh2-1.4.1","libssh2-1.4.2","libssh2-1.4.3","libssh2-1.5.0","libssh2-1.6.0","libssh2-1.7.0","libssh2-1.8.0","libssh2-1.8.1","libssh2-1.8.2","libssh2-1.9.0","start"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2019-17498-4ecb2cf7","source":"https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"261505088534266311445285255293331755792","length":12097},"target":{"file":"src/packet.c","function":"_libssh2_packet_add"}},{"deprecated":false,"id":"CVE-2019-17498-53d4378e","source":"https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9},"target":{"file":"src/packet.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17498.json","unresolved_ranges":[{"events":[{"i
ntroduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}