CVE-2017-18594
- Source
- https://cve.org/CVERecord?id=CVE-2017-18594
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18594.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-18594
- Downstream
- Related
- Published
- 2019-08-29T00:15:10.467Z
- Modified
- 2026-02-04T15:11:06.368635Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html
- https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF
- https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
- https://github.com/nmap/nmap/issues/1077
- https://github.com/nmap/nmap/issues/1227
- https://seclists.org/nmap-announce/2019/0
- https://seclists.org/nmap-dev/2018/q2/45
- https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
- https://github.com/nmap/nmap/issues/1077
- https://seclists.org/nmap-announce/2019/0
- https://seclists.org/nmap-dev/2018/q2/45
- https://github.com/nmap/nmap/issues/1227
Affected packages
Git / github.com/nmap/nmap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nmap/nmap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"target": {
"file": "nse_libssh2.cc",
"function": "do_session_handshake"
},
"id": "CVE-2017-18594-884d6df0",
"source": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad",
"digest": {
"length": 602.0,
"function_hash": "181885123553807210789057297674015574442"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "nse_libssh2.cc"
},
"id": "CVE-2017-18594-eec30225",
"source": "https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"89047191141271898078379186729701011087",
"288418200066937758181363772380073444813",
"197504247299643829413881507450264840980",
"45853858347866020060594260890860214833",
"230612446715307993172166006795828895723",
"198393754361702321352110806437967051769",
"253764268990083538657657834154227694516",
"49832567131233925307305766627838607310",
"55587154207647647599364397019466709572",
"157468943989143697765082448397421470797",
"301199915657737667528034694382631924465"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18594.json"