Bug 2221791 (CVE-2023-3603) - CVE-2023-3603 libssh: Processing SFTP server read may cause NULL dereference
Summary: CVE-2023-3603 libssh: Processing SFTP server read may cause NULL dereference
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2023-3603
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2221775
Reported: 2023-07-10 18:40 UTC by Zack Miele
Modified: 2023-07-20 13:15 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A missing allocation check in the SFTP server's processing of read requests may cause a NULL dereference under low-memory conditions. A malicious client can request SFTP reads of up to 4GB, causing allocation of buffers of up to 4GB, and the result of that allocation was not checked for failure. This will likely crash the authenticated user's sftp server connection (if the server is implemented as forking, as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.
Clone Of:
Environment:
Last Closed: 2023-07-10 18:42:07 UTC
Embargoed:


Description Zack Miele 2023-07-10 18:40:46 UTC
Given this code is not in any released versions, no security release has
been issued.

Missing allocation check in sftp server processing read requests may
cause NULL dereference on low-memory conditions. The malicious client
can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers,
which is not checked for failure.

This will likely crash the authenticated user's sftp server connection
(if implemented as forking as we recommend). For thread-based
servers, this might cause DoS also for legitimate users.
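
The unchecked allocation described above, modeled next to a hardened read handler. This is an added example, not libssh code: `mem_file`, `alloc_fn`, `read_unchecked`, `read_checked`, `demo` and the `MAX_READ_LEN` cap are hypothetical names and assumptions, and the sample file contents are constructed; the status values follow the SFTP protocol draft.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { FX_OK = 0, FX_EOF = 1, FX_FAILURE = 4 };  /* SFTP status codes */
#define MAX_READ_LEN (256u * 1024u)  /* assumed cap, not a libssh constant */
typedef void *(*alloc_fn)(size_t);   /* injectable to simulate low memory */
struct mem_file { const uint8_t *data; size_t size; };  /* constructed stand-in */

/* Pattern from the report: allocation result used without a NULL test. */
int read_unchecked(const struct mem_file *f, uint32_t len, alloc_fn alloc,
                   uint8_t **out)
{
    uint8_t *buf = alloc(len);       /* len is chosen by the client */
    size_t n = len < f->size ? len : f->size;
    memcpy(buf, f->data, n);         /* NULL dereference when alloc fails */
    *out = buf;
    return FX_OK;
}

/* Hardened form: bound the request, then check the allocation. */
int read_checked(const struct mem_file *f, uint64_t off, uint32_t len,
                 alloc_fn alloc, uint8_t **out, uint32_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (off >= f->size) return FX_EOF;        /* nothing to read or allocate */
    size_t n = f->size - (size_t)off;         /* never more than what remains */
    if (n > len) n = len;
    if (n > MAX_READ_LEN) n = MAX_READ_LEN;   /* assumed policy: short read */
    if (n == 0) return FX_OK;                 /* malloc(0) may return NULL */
    uint8_t *buf = alloc(n);
    if (buf == NULL) return FX_FAILURE;       /* status reply instead of a crash */
    memcpy(buf, f->data + off, n);
    *out = buf; *out_len = (uint32_t)n;
    return FX_OK;
}

static void *oom_alloc(size_t n) { (void)n; return NULL; }  /* simulated failure */
uint32_t last_len;                   /* length produced by the last demo() call */

/* Run read_checked over a constructed 16-byte file and return its status. */
int demo(uint64_t off, uint32_t len, int oom)
{
    static const uint8_t bytes[16] = { 1, 2, 3 };
    struct mem_file f = { bytes, sizeof bytes };
    uint8_t *buf;
    int rc = read_checked(&f, off, len, oom ? oom_alloc : malloc, &buf, &last_len);
    free(buf);
    return rc;
}
```

`read_unchecked` is shown for comparison only; calling it with a failing allocator crashes the process, which is the behaviour the report describes.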

