FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-01 00:46:00 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
6e58e1e9-2636-413e-9f84-4c0e21143628    libssh2 -- multiple issues

libssh2 developers report:

  • Defend against possible integer overflows in comp_method_zlib_decomp.
  • Defend against writing beyond the end of the payload in _libssh2_transport_read().
  • Sanitize padding_length - _libssh2_transport_read().
  • This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
  • Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.
  • Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
  • Add a required_size parameter to sftp_packet_require et al. to require callers of these functions to handle packets that are too short.
  • Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().

Discovery 2019-03-14
Entry 2019-04-18
Modified 2019-07-07
libssh2 < 1.8.1,3
linux-c6-libssh2 < 1.4.2_7
linux-c7-libssh2 < 1.4.3_3

https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1
https://libssh2.org/CVE-2019-3855.html
https://libssh2.org/CVE-2019-3856.html
https://libssh2.org/CVE-2019-3857.html
https://libssh2.org/CVE-2019-3858.html
https://libssh2.org/CVE-2019-3859.html
https://libssh2.org/CVE-2019-3860.html
https://libssh2.org/CVE-2019-3861.html
https://libssh2.org/CVE-2019-3862.html
https://libssh2.org/CVE-2019-3863.html
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
9770d6ac-614d-11e5-b379-14dae9d210b8    libssh2 -- denial of service vulnerability

Mariusz Ziulek reports:

A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process.


Discovery 2015-01-25
Entry 2015-09-22
Modified 2015-09-22
libssh2 < 1.5.0,2

http://www.libssh2.org/adv_20150311.html
https://trac.libssh2.org/ticket/294
CVE-2015-1782