CVE-2017-18594 - OpenCVE

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Nmap	Nmap

Configuration 1 [-]

cpe:2.3:a:nmap:nmap:7.70:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html
https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF	Third Party Advisory
https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad	Patch Third Party Advisory
https://github.com/nmap/nmap/issues/1077	Patch Third Party Advisory
https://github.com/nmap/nmap/issues/1227	Exploit Third Party Advisory
https://seclists.org/nmap-announce/2019/0	Mailing List Third Party Advisory
https://seclists.org/nmap-dev/2018/q2/45	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-28T23:50:22

Updated: 2019-09-26T11:06:10

Reserved: 2019-08-28T00:00:00

Link: CVE-2017-18594

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-29T00:15:10.467

Modified: 2019-09-26T12:15:10.347

Link: CVE-2017-18594

JSON object: View

Redhat Information

No data.

CWE

CWE-415

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \\n character to ssh-brute.nse or ssh-auth-methods.nse."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-26T11:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://seclists.org/nmap-dev/2018/q2/45"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nmap/nmap/issues/1227"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nmap/nmap/issues/1077"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/nmap-announce/2019/0"}, {"name": "openSUSE-SU-2019:2198", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html"}, {"name": "openSUSE-SU-2019:2200", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \\n character to ssh-brute.nse or ssh-auth-methods.nse."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://seclists.org/nmap-dev/2018/q2/45", "refsource": "MISC", "url": "https://seclists.org/nmap-dev/2018/q2/45"}, {"name": "https://github.com/nmap/nmap/issues/1227", "refsource": "MISC", "url": "https://github.com/nmap/nmap/issues/1227"}, {"name": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad", "refsource": "MISC", "url": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad"}, {"name": "https://github.com/nmap/nmap/issues/1077", "refsource": "MISC", "url": "https://github.com/nmap/nmap/issues/1077"}, {"name": "https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF", "refsource": "MISC", "url": "https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF"}, {"name": "https://seclists.org/nmap-announce/2019/0", "refsource": "MISC", "url": "https://seclists.org/nmap-announce/2019/0"}, {"name": "openSUSE-SU-2019:2198", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html"}, {"name": "openSUSE-SU-2019:2200", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18594", "datePublished": "2019-08-28T23:50:22", "dateReserved": "2019-08-28T00:00:00", "dateUpdated": "2019-09-26T11:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nmap:nmap:7.70:*:*:*:*:*:*:*", "matchCriteriaId": "3F2B2815-27CD-4A22-9394-332073CF9970", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \\n character to ssh-brute.nse or ssh-auth-methods.nse."}, {"lang": "es", "value": "nse_libssh2.cc en Nmap 7.70 est\u00e1 sujeto a una condici\u00f3n de denegaci\u00f3n de servicio debido a una doble liberaci\u00f3n cuando se produce un error en una conexi\u00f3n SSH, como lo demuestra un car\u00e1cter principal de .n a ssh-brute.nse o ssh-auth-methods.nse."}], "id": "CVE-2017-18594", "lastModified": "2019-09-26T12:15:10.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T00:15:10.467", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nmap/nmap/issues/1077"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nmap/nmap/issues/1227"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/nmap-announce/2019/0"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/nmap-dev/2018/q2/45"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}