FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 16:00:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6e58e1e9-2636-413e-9f84-4c0e21143628	libssh2 -- multiple issues libssh2 developers report: Defend against possible integer overflows in comp_method_zlib_decomp. Defend against writing beyond the end of the payload in _libssh2_transport_read(). Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent. Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads. Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). Discovery 2019-03-14 Entry 2019-04-18 Modified 2019-07-07 libssh2 < 1.8.1,3 linux-c6-libssh2 < 1.4.2_7 linux-c7-libssh2 < 1.4.3_3 https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1 https://libssh2.org/CVE-2019-3855.html https://libssh2.org/CVE-2019-3856.html https://libssh2.org/CVE-2019-3857.html https://libssh2.org/CVE-2019-3858.html https://libssh2.org/CVE-2019-3859.html https://libssh2.org/CVE-2019-3860.html https://libssh2.org/CVE-2019-3861.html https://libssh2.org/CVE-2019-3862.html https://libssh2.org/CVE-2019-3863.html CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863
9770d6ac-614d-11e5-b379-14dae9d210b8	libssh2 -- denial of service vulnerability Mariusz Ziulek reports: A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process. Discovery 2015-01-25 Entry 2015-09-22 Modified 2015-09-22 libssh2 < 1.5.0,2 http://www.libssh2.org/adv_20150311.html https://trac.libssh2.org/ticket/294 CVE-2015-1782

VuXML ID

Description

6e58e1e9-2636-413e-9f84-4c0e21143628

libssh2 -- multiple issues

libssh2 developers report:

Defend against possible integer overflows in comp_method_zlib_decomp.

Defend against writing beyond the end of the payload in _libssh2_transport_read().

Sanitize padding_length - _libssh2_transport_read().

This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short.

Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().

Discovery 2019-03-14
Entry 2019-04-18
Modified 2019-07-07
libssh2

< 1.8.1,3

linux-c6-libssh2

< 1.4.2_7

linux-c7-libssh2

< 1.4.3_3

https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1
https://libssh2.org/CVE-2019-3855.html
https://libssh2.org/CVE-2019-3856.html
https://libssh2.org/CVE-2019-3857.html
https://libssh2.org/CVE-2019-3858.html
https://libssh2.org/CVE-2019-3859.html
https://libssh2.org/CVE-2019-3860.html
https://libssh2.org/CVE-2019-3861.html
https://libssh2.org/CVE-2019-3862.html
https://libssh2.org/CVE-2019-3863.html
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863

9770d6ac-614d-11e5-b379-14dae9d210b8

libssh2 -- denial of service vulnerability

Mariusz Ziulek reports:

A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process.

Discovery 2015-01-25
Entry 2015-09-22
Modified 2015-09-22
libssh2

< 1.5.0,2

http://www.libssh2.org/adv_20150311.html
https://trac.libssh2.org/ticket/294
CVE-2015-1782