Multiple Vulnerabilities in libssh Affecting Remote Code Execution
CVE-2012-4559

Currently unrated

Key Information:

Vendor: Libssh

Status
Vendor
CVE Published: 30 November 2012

What is CVE-2012-4559?

libssh versions prior to 0.5.3 contain multiple double-free vulnerabilities in several functions, including agent_sign_data, channel_request, ssh_userauth_pubkey, sftp_parse_attr_3, and try_publickey_from_file. These flaws may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. Affected installations should be upgraded to libssh 0.5.3 or later.

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
