OSV-2021-892

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libssh/OSV-2021-892.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-892
Published
2021-06-24T00:01:20.018361Z
Modified
2022-04-13T03:04:36.933273Z
Summary
Heap-buffer-overflow in explicit_bzero
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35485

Crash type: Heap-buffer-overflow WRITE {*}
Crash state:
explicit_bzero
crypto_free
ssh_disconnect
References

Affected packages

OSS-Fuzz / libssh

Package

Name
libssh
Purl
pkg:generic/libssh

Affected ranges

Type
GIT
Repo
https://git.libssh.org/projects/libssh.git
Events
Introduced
ae184db913aef07d2cbfa9605f2af66f4d2365e5
Fixed
f5211239f918acf405d104b200891ca58130e23e
Fixed
76b7e0e9b54bed74f3d9be75583e56960405847d

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "fixed_range": "fd9fda67f9028dfdad9c73f7bdd9479b8f044e8d:76b7e0e9b54bed74f3d9be75583e56960405847d"
}