Published: 16/07/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 517

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

In libssh2 prior to 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libssh2 libssh2
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 29
fedoraproject fedora 30
netapp cloud backup -
netapp ontap select deploy administration utility -
netapp e-series santricity os controller
f5 traffix systems signaling delivery controller

Debian Bug report logs - #932329 libssh2: CVE-2019-13115 Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Jul 2019 19:24:02 UTC Severity: important Tags: security, upstream Found in version libssh2/180-2 ...

Impact: Moderate Public Date: 2019-07-16 CWE: CWE-190->CWE-787 Bugzilla: 1731324: CVE-2019-13115 lib ...

Create an exploit to libssh2 vulnerabulity described in CVE-2019-13115

libssh2-Exploit Create an exploit to libssh2 vulnerabulity described in CVE-2019-13115 Goals Establish an openssh server // Complete by Oct 20 Create a libssh2 cpp client and establish connectivity to server // Complete by Oct 20 Modify the server to trigger a crash in client // Complete by Oct 31 Modify the server to retrieve sensitive data from client // Complete by Oct

Create an exploit to libssh2 vulnerabulity described in CVE-2019-13115

Libssh2-Exploit Goals In this project, we aim to create an exploit to an out of bounds read vulnerabulity in libssh2 described in CVE-2019-13115 Create a malicious ssh server to cause a client connecting to it to crash and see if this can be exploited further to steal data from the client Getting the OpenSSH Server Running Download and extract openssh-81p1targz(for unedit

CWE-125 CWE-190 https://github.com/libssh2/libssh2/pull/350 https://blog.semmle.com/libssh2-integer-overflow/https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa https://libssh2.org/changes.html https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html https://security.netapp.com/advisory/ntap-20190806-0002/https://support.f5.com/csp/article/K13322484 https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/https://support.f5.com/csp/article/K13322484?utm_source=f5support&%3Butm_medium=RSS https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932329 https://nvd.nist.gov https://github.com/CSSProject/libssh2-Exploit https://access.redhat.com/security/cve/cve-2019-13115

CVE-2019-13115

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect