A vulnerability was found in nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
Created nmap tracking bugs for this issue:
Affects: fedora-all [bug 1749182]
Red Hat Enterprise Linux 8 is shipped with a vulnerable version of nmap sources, however, the libssh2 module is explicitly excluded from compilation, and is thus not affected. A future update may fix the source.
Red Hat Enterprise Linux 7 and older are shipped with nmap-6.40 and older, which do not contain the libssh2 module.