CVE-2012-4559: Double Free
First published: Tue Oct 30 2012(Updated: )
Florian Weimer of the Red Hat Product Security Team reported several instances of code in libssh where a heap region is deallocated twice, first in the main path and then on the error path. This could crash the process using libssh, or possible allow for the execution of arbitrary code. The identified affected variables are: agent.c:agent_sign_data(): request channels.c:channel_request(): req auth.c:ssh_userauth_pubkey(): user, service, method, algo, pkstr sftp.c:sftp_parse_attr_3(): longname, name sftp.c:sftp_mkdir(): buffer, path keyfiles.c:try_publickey_from_file(): pubkey sftp.c:sftp_mkdir() has been corrected via the following git commit: <a href="http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2">http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libssh Libssh | <=0.5.2 | |
| Libssh Libssh | =0.4.7 | |
| Libssh Libssh | =0.4.8 | |
| Libssh Libssh | =0.5.0 | |
| Libssh Libssh | =0.5.0-rc1 | |
| Libssh Libssh | =0.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html
- http://www.debian.org/security/2012/dsa-2577
- http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:175
- http://www.openwall.com/lists/oss-security/2012/11/20/3
- http://www.securityfocus.com/bid/56604
- http://www.ubuntu.com/usn/USN-1640-1
- https://bugzilla.redhat.com/show_bug.cgi?id=871612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80218
- http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644659&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644659&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644660&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644660&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644661&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644661&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644984&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644984&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644985&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644985&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644986&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=644986&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=878521
- https://access.redhat.com/security/cve/CVE-2012-6063
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6063
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=871612
- https://access.redhat.com/security/cve/CVE-2012-4559
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4559
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/event
- vendor/libssh
- canonical/libssh libssh
- version/libssh libssh/0.5.2
- version/libssh libssh/0.4.7
- version/libssh libssh/0.4.8
- version/libssh libssh/0.5.0
- version/libssh libssh/0.5.0-rc1
- version/libssh libssh/0.5.1
- package-manager/redhat