Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
2 Oct 2019
13 Mar 2015
How to fix?
There is no fixed version for
libssh2 is a client-side C library implementing the SSH2 protocol.
Affected versions of this package are vulnerable to Improper Input Validation libssh2 is vulnerable to denial of service (DoS) attacks and other attacks.
kex_agree_methods function in libssh2 reads incoming
SSH_MSG_KEXINIT packet data without a proper range checking of length values, thereby allowing remote servers to cause a denial of service by using malicious