A vulnerability was found in nse_libssh2.cc in Nmap 7.70, which is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.

Reference:
https://github.com/nmap/nmap/issues/1227
https://github.com/nmap/nmap/issues/1077
https://seclists.org/nmap-dev/2018/q2/45
https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF
https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9ad
https://seclists.org/nmap-announce/2019/0
Created nmap tracking bugs for this issue: Affects: fedora-all [bug 1749182]
Statement: Red Hat Enterprise Linux 8 is shipped with a vulnerable version of nmap sources; however, the libssh2 module is explicitly excluded from compilation, and it is thus not affected. A future update may fix the source. Red Hat Enterprise Linux 7 and older are shipped with nmap-6.40 and older, which do not contain the libssh2 module.
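
A build check matching the statement above, as an added example that is not part of the original report or of Nmap: it classifies the text printed by `nmap --version` by whether the version is 7.70 and whether libssh2 appears on the "Compiled with:" line. The function name, the result labels and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `nmap --version` text whether a build matches
# the affected combination described above (Nmap 7.70 with libssh2 built in).

# Constructed sample outputs (not captured from a real host).
SAMPLE_WITH='Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0g libssh2-1.8.0 libz-1.2.8 ipv6
Compiled without:'
SAMPLE_WITHOUT='Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.1.1 libz-1.2.11 ipv6
Compiled without: libssh2'

# classify_nmap_build TEXT -> prints one label (hypothetical names):
#   affected                      7.70 and libssh2 compiled in
#   not-affected-libssh2-excluded 7.70 but no libssh2 in the build
#   other-version                 not 7.70; this report does not cover it
#   unknown                       no version line found
classify_nmap_build() {
    version=$(printf '%s\n' "$1" |
        sed -n 's/^Nmap version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    with=$(printf '%s\n' "$1" | sed -n 's/^Compiled with: *//p' | head -n 1)
    if [ -z "$version" ]; then
        echo "unknown"
        return 0
    fi
    if [ "$version" != "7.70" ]; then
        echo "other-version"
        return 0
    fi
    # Match a system libssh2 or the copy bundled with nmap (nmap-libssh2-*).
    case " $with " in
        *" libssh2-"*|*" nmap-libssh2-"*) echo "affected" ;;
        *) echo "not-affected-libssh2-excluded" ;;
    esac
}

echo "sample with libssh2:    $(classify_nmap_build "$SAMPLE_WITH")"
echo "sample without libssh2: $(classify_nmap_build "$SAMPLE_WITHOUT")"

# Classify the locally installed nmap, if there is one.
if command -v nmap >/dev/null 2>&1; then
    echo "local nmap:             $(classify_nmap_build "$(nmap --version)")"
fi
```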