Vulnerability Name: CVE-2012-4562 (CCN-80221)

Assigned: 2012-11-20
Published: 2012-11-20
Updated: 2017-08-29
Summary: Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2012-4562

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18610

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-18677

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1520

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1620

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:1622

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0130

Source: DEBIAN
Type: UNKNOWN
DSA-2577

Source: DEBIAN
Type: DSA-2577
libssh -- several vulnerabilities

Source: CCN
Type: libssh Web site
libssh

Source: CONFIRM
Type: Vendor Advisory
http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:175

Source: MLIST
Type: UNKNOWN
[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues

Source: BID
Type: UNKNOWN
56604

Source: CCN
Type: BID-56604
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1640-1

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=871620

Source: CCN
Type: Red Hat Bugzilla Bug 871620
CVE-2012-4562 libssh: multiple improper overflow checks

Source: XF
Type: UNKNOWN
libssh-buffer-bo(80221)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:libssh:libssh:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libssh:libssh:*:*:*:*:*:*:*:* (Version <= 0.5.2)

Configuration CCN 1:
  • cpe:/a:libssh:libssh:0.5.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:26114 | P | Security update for openexr (Important) | 2021-09-02
oval:org.opensuse.security:def:20124562 | V | CVE-2012-4562 | 2021-08-15
oval:org.opensuse.security:def:55217 | P | Security update for arpwatch (Important) | 2021-06-28
oval:org.opensuse.security:def:36489 | P | libssh2-0.2-5.20.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26050 | P | Security update for python3 (Important) | 2021-05-17
oval:org.opensuse.security:def:55895 | P | Security update for bind (Important) | 2021-05-04
oval:org.opensuse.security:def:26038 | P | Security update for curl (Moderate) | 2021-04-28
oval:org.opensuse.security:def:26039 | P | Security update for libnettle (Important) | 2021-04-28
oval:org.opensuse.security:def:54772 | P | Security update for wpa_supplicant (Important) | 2021-03-09
oval:org.opensuse.security:def:26206 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:57171 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
oval:org.opensuse.security:def:26195 | P | Security update for php74 (Important) | 2021-02-19
oval:org.opensuse.security:def:26194 | P | Security update for java-1_7_1-ibm (Important) | 2021-02-18
oval:org.opensuse.security:def:55776 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:26398 | P | Security update for pdns-recursor (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26926 | P | kdebase3-runtime on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27144 | P | gvim on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27812 | P | Security update for LibreOffice | 2020-12-01
oval:org.opensuse.security:def:54371 | P | radvd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55502 | P | Security update for gdm (Low) | 2020-12-01
oval:org.opensuse.security:def:26464 | P | Security update for enigmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27487 | P | libssh2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26479 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26970 | P | libsamplerate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27208 | P | libpoppler-glib4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27851 | P | Security update for pam | 2020-12-01
oval:org.opensuse.security:def:54372 | P | rhythmbox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55610 | P | Security update for krb5 (Important) | 2020-12-01
oval:org.opensuse.security:def:26615 | P | mozilla-xulrunner191 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26536 | P | dbus-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27608 | P | Security update for fastjar | 2020-12-01
oval:org.opensuse.security:def:27336 | P | xorg-x11-libs-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27865 | P | Security update for Python | 2020-12-01
oval:org.opensuse.security:def:54394 | P | unixODBC on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55702 | P | Security update for xerces-c (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26668 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26620 | P | openssh on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27643 | P | Security update for libssh2 | 2020-12-01
oval:org.opensuse.security:def:27418 | P | icu on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27909 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:54534 | P | libasan2-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26717 | P | gzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26771 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27475 | P | libpulse-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28547 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:55814 | P | Security update for compat-openssl098 (Important) | 2020-12-01
oval:org.opensuse.security:def:26756 | P | libnewt0_52 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26824 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27559 | P | rubygem-i18n-0_6 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28582 | P | Security update for libssh2 | 2020-12-01
oval:org.opensuse.security:def:54945 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26242 | P | Security update for ibus (Important) | 2020-12-01
oval:org.opensuse.security:def:26770 | P | libtiff3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26873 | P | clamav on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27132 | P | ghostscript-fonts-other on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27710 | P | Security update for bind | 2020-12-01
oval:org.opensuse.security:def:55051 | P | ImageMagick on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26323 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26814 | P | qt3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26270 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26912 | P | gtk2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27133 | P | glib2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27763 | P | Security update for gdk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57245 | P | Security update for libssh2 | 2020-12-01
oval:org.opensuse.security:def:26380 | P | Security update for irssi (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27452 | P | libguestfs-devel on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:17868 | P | USN-1640-1 -- libssh vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:17817 | P | DSA-2577-1 libssh - several | 2014-06-23
oval:com.ubuntu.precise:def:20124562000 | V | CVE-2012-4562 on Ubuntu 12.04 LTS (precise) - medium. | 2012-11-30
oval:org.opensuse.security:def:79879 | P | Security update for libssh2 | 2012-11-20
    libssh libssh 0.4.7
    libssh libssh 0.4.8
    libssh libssh 0.5.0
    libssh libssh 0.5.0 rc1
    libssh libssh 0.5.1
    libssh libssh *
    libssh libssh 0.5.2