Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-4562

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

Related bugs and status

CVE-2012-4562 (Candidate) is related to these bugs:

Bug #1082328: Several CVE in version < 0.5.3

		In	Importance	Status
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu)	High	Fix Released
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu Lucid)	Medium	Fix Released
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu Oneiric)	Medium	Fix Released
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu Quantal)	Medium	Fix Released
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu Precise)	Medium	Fix Released
1082328	Several CVE in version < 0.5.3	libssh (Ubuntu Raring)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012112...
MISC: https://bugzilla.redha...
CONFIRM: http://www.libssh.org/...
BID: 56604
DEBIAN: DSA-2577
SUSE: SUSE-SU-2012:1520
SUSE: openSUSE-SU-2012:1620
SUSE: openSUSE-SU-2012:1622
UBUNTU: USN-1640-1
SUSE: openSUSE-SU-2013:0130
FEDORA: FEDORA-2012-18610
FEDORA: FEDORA-2012-18677
MANDRIVA: MDVSA-2012:175
XF: libssh-buffer-bo(80221)