libssh2: integer overflow (CVE-2019-17498)
An integer overflow vulnerability exists in libssh2 version 1.9.0 and earlier.
The vulnerability is an out-of-bounds read, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is used to connect to a malicious SSH server. The overflow occurs when the SSH server sends a disconnect message, which means that the vulnerability can be triggered early in the connection process, before authentication is completed.