> A malicious server could send a specially crafted packet which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error (CWE-130). [1]
Maybe now we can put a stop to all these ssh bots crawling the internet. Just set up a malicious ssh server ;). This CVE was part of a larger release of nine separate security advisories concerning libssh2 [2].
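The bug class the advisory quotes (a peer-controlled 32-bit length, summed with a fixed overhead, wrapping to a small value that then drives an allocation) is easy to reproduce in miniature. The C below is an added illustration written for this page; it is not libssh2's code, does not reflect the actual affected function, and uses a constructed packet layout (4-byte big-endian length followed by the payload) and a hypothetical 16-byte overhead purely to show the wrap and the check that prevents it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed overhead a parser adds to the peer-supplied length
 * (e.g. room for a header or trailer). Chosen for this example only. */
#define HEADER_OVERHEAD 16u

/* Read a 4-byte big-endian unsigned integer (the SSH wire "uint32"). */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: len + overhead computed in 32 bits with no check.
 * For len close to UINT32_MAX the sum wraps to a tiny number; malloc()
 * then happily returns a buffer far smaller than the len bytes that get
 * copied into it. This function only returns the wrapped size so the
 * overflow can be observed without performing the out-of-bounds write. */
uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + HEADER_OVERHEAD;   /* unsigned wrap, silently */
}

/* Hardened pattern: reject before the arithmetic can wrap, and also bound
 * the claimed length against the bytes actually received (the length
 * parameter inconsistency CWE-130 refers to). Returns 0 on success. */
int checked_alloc_size(uint32_t len, size_t available, size_t *out)
{
    if (len > UINT32_MAX - HEADER_OVERHEAD)
        return -1;                  /* len + overhead would wrap */
    if (len > available)
        return -1;                  /* claims more bytes than were received */
    *out = (size_t)len + HEADER_OVERHEAD;
    return 0;
}

/* Parse the constructed packet format [uint32 len][len bytes].
 * Returns the payload length on success, -1 if the packet is rejected. */
int parse_ok(const unsigned char *pkt, size_t pktlen)
{
    if (pktlen < 4)
        return -1;
    uint32_t len = read_be32(pkt);
    size_t need;
    if (checked_alloc_size(len, pktlen - 4, &need) != 0)
        return -1;                  /* malicious or truncated length */

    unsigned char *buf = malloc(need);
    if (buf == NULL)
        return -1;
    memcpy(buf, pkt + 4, len);      /* safe: len <= pktlen - 4 and need >= len */
    free(buf);
    return (int)len;
}

/* Constructed sample packets (not captured traffic). */
static const unsigned char GOOD_PKT[] = {
    0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'
};
/* Claimed length 0xfffffff8: 0xfffffff8 + 16 wraps to 8 in uint32. */
static const unsigned char EVIL_PKT[] = {
    0xff, 0xff, 0xff, 0xf8, 'x', 'x', 'x', 'x'
};

int main(void)
{
    printf("unchecked size for 0xfffffff8: %u\n",
           unchecked_alloc_size(0xfffffff8u));              /* prints 8 */
    printf("good packet -> %d\n", parse_ok(GOOD_PKT, sizeof GOOD_PKT));
    printf("evil packet -> %d\n", parse_ok(EVIL_PKT, sizeof EVIL_PKT));
    return 0;
}
```

The two checks in `checked_alloc_size` are deliberately separate: the first stops the integer wrap, the second stops a length that is arithmetically fine but still larger than the data on the wire, which is the other way an unchecked length turns into an over-read or over-write.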
All of the CVEs give credit to "Chris Coulson of Canonical Ltd.". Nice job Chris. Looks like they've probably developed a fuzzer targeting client packet handling. I wouldn't be surprised if we see more bugs pop up as a result of this attention.
Bugs coming out of Canonical and Red Hat are usually the result of customer issues. When I worked for a big company we reported the things we found to Red Hat as part of our enterprise support and they investigated and disclosed to the author.
Nice catch. Didn't see that. Thanks for posting that. Yeah, pretty amazing these bugs are still kicking around even for something that has been looked at pretty critically. Makes this even more impressive.
Libssh2 has not been looked at critically. Are you mixing it up with openssh? It's sadly neglected, although with a slight pickup as it did a release to fix 9 CVEs. There will be many more.
[1] https://www.libssh2.org/CVE-2019-3855.html
[2] https://www.openwall.com/lists/oss-security/2019/03/18/3