Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 711308 (CVE-2017-18594) - <net-analyzer/nmap-7.80: denial of service condition due to a double free when SSH connection fails (CVE-2017-18594)
Summary: <net-analyzer/nmap-7.80: denial of service condition due to a double free whe...
Alias: CVE-2017-18594
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2020-03-02 11:37 UTC by Sam James (sec padawan)
Modified: 2020-03-25 19:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James (sec padawan) 2020-03-02 11:37:44 UTC
" in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse."

Comment 1 Agostino Sarubbo gentoo-dev 2020-03-15 18:26:30 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-15 18:28:04 UTC
arm stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-15 18:29:28 UTC
ia64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-03-15 18:32:10 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-15 18:34:49 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-15 18:37:10 UTC
sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-15 18:43:32 UTC
x86 stable
Comment 8 Rolf Eike Beer 2020-03-17 18:29:25 UTC
hppa stable
Comment 9 Sam James (sec padawan) 2020-03-18 15:41:05 UTC
@maintainer(s), please cleanup!
Comment 10 Larry the Git Cow gentoo-dev 2020-03-25 19:15:32 UTC
The bug has been referenced in the following commit(s):

commit 2a61b415291233346e34da87702c2c3c292d3bdf
Author:     Thomas Deutschmann <>
AuthorDate: 2020-03-25 19:15:14 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2020-03-25 19:15:14 +0000

    net-analyzer/nmap: security cleanup (bug #711308)
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <>

 net-analyzer/nmap/Manifest            |   1 -
 net-analyzer/nmap/nmap-7.70-r1.ebuild | 195 ----------------------------------
 2 files changed, 196 deletions(-)
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-03-25 19:16:07 UTC
GLSA Vote: No

Repository is clean, all done!