Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/07/2023 Updated: 07/11/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libssh libssh -

DescriptionA missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure This will likely crash the authenticated user's sftp server connection (i ...

CWE-770 https://bugzilla.redhat.com/show_bug.cgi?id=2221791 https://access.redhat.com/security/cve/CVE-2023-3603 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-3603

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3603

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect