Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/51941?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51941?format=api", "vulnerability_id": "VCID-gpcq-2b5m-tuh4", "summary": "Integer Overflow or Wraparound\nIn libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", "aliases": [ { "alias": "CVE-2019-17498" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188226?format=api", "purl": "pkg:alpm/archlinux/libssh2@1.9.0-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libssh2@1.9.0-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/103936?format=api", "purl": "pkg:deb/debian/libssh2@1.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh2@1.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103931?format=api", "purl": "pkg:deb/debian/libssh2@1.9.0-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jhex-w9f8-xucm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh2@1.9.0-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103929?format=api", "purl": "pkg:deb/debian/libssh2@1.10.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jhex-w9f8-xucm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh2@1.10.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103933?format=api", "purl": 
"pkg:deb/debian/libssh2@1.11.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jhex-w9f8-xucm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh2@1.11.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/103932?format=api", "purl": "pkg:deb/debian/libssh2@1.11.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh2@1.11.1-3%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188225?format=api", "purl": "pkg:alpm/archlinux/libssh2@1.9.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gpcq-2b5m-tuh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libssh2@1.9.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52210?format=api", "purl": "pkg:nuget/libssh2-vc141_xp@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gpcq-2b5m-tuh4" }, { "vulnerability": "VCID-hyw1-xf29-dqg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/76089?format=api", "purl": "pkg:nuget/libssh2-vc141_xp@1.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gpcq-2b5m-tuh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/143029?format=api", "purl": "pkg:rpm/redhat/libssh2@1.8.0-4?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gpcq-2b5m-tuh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libssh2@1.8.0-4%3Farch=el7" } ], "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17498.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.8093", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766898", "reference_id": "1766898", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1766898" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562", "reference_id": "943562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562" }, { "reference_url": "https://security.archlinux.org/AVG-1690", "reference_id": "AVG-1690", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1690" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17498", "reference_id": "CVE-2019-17498", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3915", "reference_id": "RHSA-2020:3915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - 
Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 190, "name": "Integer Overflow or Wraparound", "description": "The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 400, "name": "Uncontrolled Resource Consumption", "description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gpcq-2b5m-tuh4" }