Description
A security vulnerability has been detected in libssh2 up to 1.11.1. The affected element is the function userauth_password in the file src/userauth.c. Manipulation of the arguments username_len/password_len leads to an integer overflow. The attack may be launched remotely. The patch is identified as 256d04b60d80bf1190e96b0ad1e91b2174d744b1. This patch should be applied to remediate the issue.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
platform | affected versions | fixed version
debian 11 | =1.10.0-1 || =1.10.0-2 || =1.10.0-3 || =1.11.0-1 || =1.11.0-2 || =1.11.0-3 || =1.11.0-4 || =1.11.0-4.1 || =1.11.0-4.1~exp1 || =1.11.0-5 || =1.11.0-6 || =1.11.0-7 || =1.11.1-1 || =1.11.1-2 || =1.11.1-3 || =1.9.0-2 || =1.9.0-2+deb11u1 || =1.9.0-3 | -
debian 12 | =1.10.0-3 || =1.11.0-1 || =1.11.0-2 || =1.11.0-3 || =1.11.0-4 || =1.11.0-4.1 || =1.11.0-4.1~exp1 || =1.11.0-5 || =1.11.0-6 || =1.11.0-7 || =1.11.1-1 || =1.11.1-2 || =1.11.1-3 | -
debian 13 | =1.11.1-1 || =1.11.1-2 || =1.11.1-3 | -
debian 14 | =1.11.1-1 || =1.11.1-2 || >=0 <1.11.1-3 | 1.11.1-3
rpm rhel6 | - | -
rpm rhel7 | - | -
alpine v3.20 | | 1.11.0-r3
alpine v3.21 | | 1.11.1-r1
alpine v3.22 | | 1.11.1-r1
alpine v3.23 | | 1.11.1-r2