MGASA-2020-0216

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0216.html

Import Source

https://advisories.mageia.org/MGASA-2020-0216.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0216

Related

CVE-2017-18594

Published

2020-05-24T18:04:47Z

Modified

2020-05-24T17:23:04Z

Summary

Updated nmap packages fix security vulnerability

Details

Updated nmap packages fix security vulnerability:

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse (CVE-2017-18594).

Also, when a server forced a protocol and did not return TLS ALPN extension, this caused an infinite loop.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / nmap

Package

Name: nmap
Purl: pkg:rpm/mageia/nmap?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.70-2.2.mga7

Ecosystem specific

{
    "section": "core"
}