CVE-2019-3855

Published: 21/03/2019 Updated: 15/10/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 830
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An integer overflow flaw, which could lead to an out-of-bounds write, exists in libssh2 prior to 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

Vendor Advisories

Synopsis: Important: libssh2 security update. Type/Severity: Security Advisory: Important. Topic: An update for libssh2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: libssh2 security update. Type/Severity: Security Advisory: Important. Topic: An update for libssh2 is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: libssh2 security update. Type/Severity: Security Advisory: Important. Topic: An update for libssh2 is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP S ...
Synopsis: Important: libssh2 security update. Type/Severity: Security Advisory: Important. Topic: An update for libssh2 is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: libssh2 security update. Type/Severity: Security Advisory: Important. Topic: An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Debian Bug report logs - #932329 libssh2: CVE-2019-13115. Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 17 Jul 2019 19:24:02 UTC. Severity: important. Tags: security, upstream. Found in version libssh2/1.8.0-2 ...
Synopsis: Important: virt:rhel security update. Type/Severity: Security Advisory: Important. Topic: An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
An out-of-bounds write has been found in libssh2 before 1.8.1, where a malicious server could send a specially crafted packet which could result in an unchecked integer overflow. The value would then be used to allocate memory, causing a possible memory write out of bounds error ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server (CVE-2019-3855). An integer overflow flaw which could lead to an out of bounds w ...
Debian Bug report logs - #924965 libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863. Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) to address multiple security vulnerabilities. The libssh2 packages that implement the SSH2 protocol are affected by four vulnerabilities ...
Chris Coulson discovered several vulnerabilities in libssh2, an SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code. For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1. We recommend that you upgrade your libssh2 packages. For the detailed ...
Arch Linux Security Advisory ASA-201903-13. Severity: Critical. Date: 2019-03-20. CVE-ID: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863. Package: libssh2. Type: multiple issues. Remote: Yes. Link: ...
PowerKVM is affected by vulnerabilities in libssh2. IBM has now addressed these vulnerabilities ...
Oracle VM Server for x86 Bulletin - July 2019. Description: The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are publis ...
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server (CVE-2019-3856). An integer overflow flaw which could lead to an out of bou ...
Oracle Linux Bulletin - April 2019. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...
Oracle Linux Bulletin - July 2019. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
Summary: libssh2 is a client-side C library implementing the SSH2 protocol. It supports regular terminal, SCP and SFTP sessions; port forwarding, X11 forwarding; password, key-based and keyboard-interactive authentication. Libssh2 releases security update for nine vulnerabilities on March 18, 2019. CVE-2019-3855: Possible integer overflow in ...
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated attacker to cause the SSL VPN user session to break (Denial of service) and possibly to run arbitrary code via specially crafted packets sent from a malicious SSH server. This concerns the following CVEs on a preca ...
AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
IBM Security Access Manager Appliance has addressed the following vulnerabilities ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-9-26-7 Xcode 110 Xcode 110 addresses the following: IDE SCM Available for: macOS Mojave 10144 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 216 CVE-2019-3855: Chris Coulson ld64 Available for: macOS Mojave 1014 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libssh2 (SSA:2019-077-01) New libssh2 packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/libssh2-181-i586-1_slack142txz: Upgraded Fixed seve ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso April 13, 2019 wwwdebianorg/security/faq ...
Hello! CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: www.libssh2.org/CVE-2019-3855.html Patch: libssh2.org/1.8.0-CVE/CVE-2019-3855.patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: www.libssh2.org/CVE-2019-385 ...

Github Repositories

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI for Web

TrivyWeb A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI for Web TrivyWeb use python django framework TOC Installation RHEL/CentOS Debian/Ubuntu Mac OS X / Homebrew Binary (Including Windows) From source Examples Scan an image Scan an image file Save the results as JSON Filter the vulnerabilities by severities Filter the vulnerabilities b

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI Table of Contents Abstract Features Installation RHEL/CentOS Debian/Ubuntu Arch Linux Homebrew Install Script Binary From source Quick Start Image Basic Docker Filesystem Embed in Dockerfile Git Repository Examples Standalone Scan an image Scan an image file Scan

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI Table of Contents Abstract Features Installation RHEL/CentOS Debian/Ubuntu Arch Linux Mac OS X / Homebrew Binary From source Quick Start Basic Docker Examples Standalone Scan an image Scan an image file Scan an OCI image Save the results as JSON Save the results using a template Filter

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI


PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

References

CWE-787
CWE-190
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
http://seclists.org/fulldisclosure/2019/Sep/42
http://www.openwall.com/lists/oss-security/2019/03/18/3
http://www.securityfocus.com/bid/107485
https://access.redhat.com/errata/RHSA-2019:0679
https://access.redhat.com/errata/RHSA-2019:1175
https://access.redhat.com/errata/RHSA-2019:1652
https://access.redhat.com/errata/RHSA-2019:1791
https://access.redhat.com/errata/RHSA-2019:1943
https://access.redhat.com/errata/RHSA-2019:2399
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/
https://seclists.org/bugtraq/2019/Apr/25
https://seclists.org/bugtraq/2019/Mar/25
https://seclists.org/bugtraq/2019/Sep/49
https://security.netapp.com/advisory/ntap-20190327-0005/
https://support.apple.com/kb/HT210609
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767
https://www.debian.org/security/2019/dsa-4431
https://www.libssh2.org/CVE-2019-3855.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2019-3862
https://nvd.nist.gov
https://github.com/KorayAgaya/TrivyWeb