CVE-2015-1782

EPSS 4.1%

libssh2 - security update

Published: 3/13/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-1782

Description

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

Affected packages (3)

Debian/libssh2from 0, < 1.4.3-4.1
Debian/libssh2from 0, < 1.2.6-1+deb6u1
Debian/libssh2from 0, < 1.4.2-1.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1782