Double Free Vulnerability in libssh Affects Remote Operations
CVE-2012-6063

Currently unrated

Key Information:

Vendor: Libssh
Status: Libssh
Vendor: CVE Published:; 30 November 2012

What is CVE-2012-6063?

A double free vulnerability exists in the sftp_mkdir function within libssh versions prior to 0.5.3. This flaw allows remote attackers to potentially crash the service, resulting in a denial of service or even executing arbitrary code through unspecified vectors. Proper mitigation includes updating to the latest version where the vulnerability has been addressed.

References

https://bugzilla.redhat.com/show_bug.cgi?id=871612

x_refsource_MISC

http://www.debian.org/security/2012/dsa-2577

vendor-advisoryx_refsource_DEBIAN

http://www.libssh.org/2012/11/20/libssh-0-5-3-security-re...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 30, 2012
Vulnerability Reserved
Nov 30, 2012

JSON

Libssh

What is CVE-2012-6063?

References

Timeline