Out of Bounds Memory Access in libssh2 1.10.0 by libssh2
CVE-2020-22218

7.5HIGH

Key Information:

Vendor: Libssh2
Status: Libssh2
Vendor: CVE Published:; 22 August 2023

What is CVE-2020-22218?

A vulnerability was identified in libssh2 version 1.10.0, specifically in the function _libssh2_packet_add. This flaw allows attackers to manipulate memory access, potentially leading to unauthorized access or manipulation of data. The vulnerability poses a risk of memory corruption, which could be exploited to execute arbitrary code or disrupt the normal operation of applications relying on this library. It is crucial for users and administrators to apply the necessary security patches to mitigate the risks associated with this vulnerability.

References

https://github.com/libssh2/libssh2/pull/476

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

https://security.netapp.com/advisory/ntap-20231006-0002/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Aug 13, 2020

CVE-2020-22218 Data

JSON

Libssh2

What is CVE-2020-22218?

References

CVSS V3.1

Timeline