This vulnerability has now been assigned CVE-2019-13115.

Author: kevinbackhouse

libssh2/out_of_bounds_read_kex/README.md …bounds_read_kex_CVE-2019-13115/README.mdlibssh2/out_of_bounds_read_kex/README.md renamed to libssh2/out_of_bounds_read_kex_CVE-2019-13115/README.md libssh2/out_of_bounds_read_kex/README.md renamed to libssh2/out_of_bounds_read_kex_CVE-2019-13115/README.md

@@ -1,6 +1,6 @@
-# Out-of-bounds read in libssh2
+# Out-of-bounds read in libssh2 (CVE-2019-13115)
 
-[libssh2](https://www.libssh2.org/) version 1.8.2 contains a remotely triggerable out-of-bounds read, potentially leading to information disclosure. I reported this bug to libssh2-security@haxx.se on 2019-03-28. It is fixed in version [1.9.0](https://www.libssh2.org/changes.html), released on 2018-06-20. They did not acknowledge Semmle in the change notes and did not apply for a CVE.
+[libssh2](https://www.libssh2.org/) version 1.8.2 contains a remotely triggerable out-of-bounds read, potentially leading to information disclosure. I reported this bug to libssh2-security@haxx.se on 2019-03-28. It is fixed in version [1.9.0](https://www.libssh2.org/changes.html), released on 2018-06-20.
 
 This directory contains a proof of concept exploit for the vulnerability. It uses [docker](https://www.docker.com/) to simulate two computers. The first is a server, running [openssh](https://www.openssh.com/) with some malicious source code modifications. The second is a client, running `libssh2`. When the client attempts to connect to server, the server sends back a malicious response which triggers a segmentation fault in the client.