USN-6371-1: libssh2 vulnerability
Published Sep 14, 2023
·Updated
It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash.
Affected Software
8 affected componentsFixes available
All of the following
ubuntu/libssh2-1<1.8.0-2.1ubuntu0.1
1.8.0-2.1ubuntu0.1
Ubuntu Ubuntu=20.04
All of the following
ubuntu/libssh2-1<1.8.0-1ubuntu0.1
1.8.0-1ubuntu0.1
Ubuntu Ubuntu=18.04
All of the following
ubuntu/libssh2-1<1.5.0-2ubuntu0.1+esm2
1.5.0-2ubuntu0.1+esm2
Ubuntu Ubuntu=16.04
All of the following
ubuntu/libssh2-1<1.4.3-2ubuntu0.2+esm3
1.4.3-2ubuntu0.2+esm3
Ubuntu Ubuntu=14.04
Event History
Sep 14, 2023
Advisory Published
via Ubuntu·12:00 AM
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-22218.
2
What software is affected by this vulnerability?
The affected software is libssh2-1 on Ubuntu versions 20.04, 18.04, 16.04, and 14.04.
3
How severe is this vulnerability?
The severity of this vulnerability is not specified.
4
How can I fix this vulnerability?
To fix this vulnerability, update libssh2-1 package to version 1.8.0-2.1ubuntu0.1 (for Ubuntu 20.04), 1.8.0-1ubuntu0.1 (for Ubuntu 18.04), 1.5.0-2ubuntu0.1+esm2 (for Ubuntu 16.04), or 1.4.3-2ubuntu0.2+esm3 (for Ubuntu 14.04).