An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data from client memory.
Published Date: Monday 25th of March 2019 03:29:01 PM
Modified Date: Monday 15th of April 2019 08:31:39 AM
Network Access Vector:
The attacker does not require local network access or local access.
Authentication is not required to access and exploit the vulnerability.
The attack can be performed manually and requires little skill or additional information gathering.
There is reduced performance or interruptions in resource availability.
There is no impact to the integrity of the system.
There is considerable information disclosure.
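
The bug class described at the top of this record, shown as an added example (constructed for illustration, not libssh2's code): a length-prefixed SFTP packet parser that rejects empty or short payloads before reading the type byte and the 32-bit field that follows it. The names `sftp_pkt`, `be32` and `sftp_parse` are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical parsed-packet type for this illustration. */
typedef struct {
    uint8_t type;          /* SFTP packet type byte */
    uint32_t request_id;   /* 32-bit field after the type byte */
    const uint8_t *body;   /* remaining bytes, may be empty */
    size_t body_len;
} sftp_pkt;

/* Read a big-endian uint32; caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse one length-prefixed packet from buf[0..avail).
 * Returns 0 on success, -1 if it is truncated or too short. */
int sftp_parse(const uint8_t *buf, size_t avail, sftp_pkt *out)
{
    if (buf == NULL || out == NULL || avail < 4)
        return -1;             /* no room for the length prefix */
    uint32_t len = be32(buf);
    if (len > avail - 4)
        return -1;             /* declared length exceeds received data */

    /* Without this check, an empty or short payload would be read
     * past its end when the type byte and id are fetched. */
    if (len < 5)
        return -1;

    out->type = buf[4];
    out->request_id = be32(buf + 5);
    out->body = buf + 9;
    out->body_len = len - 5;
    return 0;
}

int main(void)
{
    /* Constructed inputs: empty payload, then a valid 5-byte payload. */
    const uint8_t empty[] = {0, 0, 0, 0};
    const uint8_t ok[] = {0, 0, 0, 5, 101, 0, 0, 0, 7};
    sftp_pkt pkt;
    return !(sftp_parse(empty, sizeof empty, &pkt) == -1 &&
             sftp_parse(ok, sizeof ok, &pkt) == 0 && pkt.request_id == 7);
}
```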