Fluid Attacks Database

Description

Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libssh	>=0 <0.5.3-1	0.5.3-1
debian 13	libssh	>=0 <0.5.3-1	0.5.3-1
debian 12	libssh	>=0 <0.5.3-1	0.5.3-1
debian 11	libssh	>=0 <0.5.3-1	0.5.3-1

Aliases

1. CVE-2012-60632. NVD-2012-60633. OSV-DEBIAN-2012-60634. OSV-2012-60635. SECURITY-TRACKER-CVE-2012-6063

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.