Integer Overflow Vulnerability in Libssh Affects Multiple Platforms
CVE-2012-4562

Currently unrated

Key Information:

Vendor: Libssh
Status: Libssh
Vendor: CVE Published:; 30 November 2012

What is CVE-2012-4562?

Libssh prior to version 0.5.3 is susceptible to multiple integer overflow vulnerabilities. These flaws enable remote attackers to trigger denial of service conditions, such as infinite loops or application crashes. Additionally, there is potential for execution of arbitrary code through unspecified vectors that exploit these vulnerabilities. It is critical for users of affected libssh versions to apply updates to mitigate associated risks.

References

http://lists.opensuse.org/opensuse-security-announce/2012...

vendor-advisoryx_refsource_SUSE

http://www.debian.org/security/2012/dsa-2577

vendor-advisoryx_refsource_DEBIAN

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 30, 2012
Vulnerability Reserved
Aug 21, 2012

JSON