CVE-2017-18594
UnknownEPSS 3.16%
Last modified
CVE-2017-18594 is a vulnerability of currently unknown severity. nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.. EPSS estimates a 3.16% chance of exploitation in the next 30 days.
Description
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nmap | Nmap | 7.70 |
References
- https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDFThird Party Advisory
- https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9adPatch, Third Party Advisory
- https://github.com/nmap/nmap/issues/1077Patch, Third Party Advisory
- https://github.com/nmap/nmap/issues/1227Exploit, Third Party Advisory
- https://seclists.org/nmap-announce/2019/0Mailing List, Third Party Advisory
- https://seclists.org/nmap-dev/2018/q2/45Mailing List, Third Party Advisory
- https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDFThird Party Advisory
- https://github.com/nmap/nmap/commit/350bbe0597d37ad67abe5fef8fba984707b4e9adPatch, Third Party Advisory
- https://github.com/nmap/nmap/issues/1077Patch, Third Party Advisory
- https://github.com/nmap/nmap/issues/1227Exploit, Third Party Advisory
- https://seclists.org/nmap-announce/2019/0Mailing List, Third Party Advisory
- https://seclists.org/nmap-dev/2018/q2/45Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18594?
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
How severe is CVE-2017-18594?
Severity scoring for CVE-2017-18594 is pending analysis. The EPSS model estimates a 3.16% probability of exploitation in the next 30 days.
How do I fix CVE-2017-18594?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-18594?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST