Vulmon Recent Vulnerabilities Trends About Contact
6.4
CVSSv2

CVE-2019-3859

Published: 21/03/2019 Updated: 25/07/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Libssh2

Vulnerability Summary

An out of bounds read flaw exists in libssh2 prior to 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Vulnerability Trend

Affected Products

Vendor Product Versions
Libssh2Libssh20.1, 0.3, 0.5, 0.6, 0.7, 0.8, 0.10, 0.11, 0.12, 0.13, 0.14, 0.15, 0.16, 0.17, 0.18, 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.6.0, 1.7.0, 1.8.0
NetappOntap Select Deploy Administration Utility-
DebianDebian Linux8.0, 9.0
FedoraprojectFedora28, 29
OpensuseLeap15.0, 42.3

Vendor Advisories

Arch Linux Issues:
An issue has been found in libssh2 before 181 where a server could send a specially crafted partial packet in response to various commands such as: sha1 and sha226 key exchange, user auth list, user auth password response, public key auth response, channel startup/open/forward/ setenv/request pty/x11 and session start up The result would be a me ...
Debian CVElist Bug Report Logs: libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863
Debian Bug report logs - #924965 libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...
Debian Security Advisories: DSA-4431-1 libssh2 -- security update
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 170-1+deb9u1 We recommend that you upgrade your libssh2 packages For the detailed ...
Arch Linux Advisories: [ASA-201903-13] libssh2: multiple issues
Arch Linux Security Advisory ASA-201903-13 ========================================== Severity: Critical Date : 2019-03-20 CVE-ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Package : libssh2 Type : multiple issues Remote : Yes Link : ...
Brocade Security Advisories: BSA-2019-767
Summary libssh2 is a client-side C library implementing the SSH2 protocol  It supports regular terminal, SCP and SFTP sessions; port forwarding, X11 forwarding; password, key-based and keyboard-interactive authentication Libssh2 releases security update for nine vulenrabilities on March 18, 2019 CVE-2019-3855: Possible integer overflow in ...
IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z
AT&T has released versions 1801-z for the Vyatta 5600 Details of these releases can be found at cloudibmcom/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
Fortinet Security Advisories: libssh2 integer overflow and out of bounds read/write vulnerabilities
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated attacker to cause the SSL VPN user session to break (Denial of service) and possibly to run arbitrary code via specially crafted packets sent from a malicious SSH server This concerns the following CVEs on a preca ...

Mailing Lists

Bugtraq: [slackware-security] libssh2 (SSA:2019-077-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libssh2 (SSA:2019-077-01) New libssh2 packages are available for Slackware 142 and -current to fix security issues Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/libssh2-181-i586-1_slack142txz: Upgraded Fixed seve ...
Bugtraq: [SECURITY] [DSA 4431-1] libssh2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso April 13, 2019 wwwdebianorg/security/faq ...
Full Disclosure: [SECURITY ADVISORIES] libssh2
Hello! CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: wwwlibssh2org/CVE-2019-3855html Patch: libssh2org/180-CVE/CVE-2019-3855patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: wwwlibssh2org/CVE-2019-385 ...

Github Repositories

TrivyWeb

TrivyWeb A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI for Web TOC Installation RHEL/CentOS Debian/Ubuntu Mac OS X / Homebrew Binary (Including Windows) From source Examples Scan an image Scan an image file Save the results as JSON Filter the vulnerabilities by severities Filter the vulnerabilities by type Skip an update of vulnerability

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI TOC Abstract Features Installation RHEL/CentOS Debian/Ubuntu Arch Linux Mac OS X / Homebrew Binary (Including Windows) From source Quick Start Basic Docker Examples Scan an image Scan an image file Save the results as JSON Filter the vulnerabilities by severities Filter the vulnerabiliti

trivy

No description, website, or topics provided.

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI Accuracy Comparison The number of vulnerabilities detected on Alpine Linux (as of 2019/05/12) See Comparison with other scanners for details TOC Abstract Features Installation RHEL/CentOS Debian/Ubuntu Mac OS X / Homebrew Binary (Including Windows) From source Quick Start Basic Docker E

References

CWE-125http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.htmlhttp://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.htmlhttp://www.openwall.com/lists/oss-security/2019/03/18/3http://www.securityfocus.com/bid/107485https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859https://lists.debian.org/debian-lts-announce/2019/03/msg00032.htmlhttps://lists.debian.org/debian-lts-announce/2019/04/msg00006.htmlhttps://lists.debian.org/debian-lts-announce/2019/07/msg00024.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/https://seclists.org/bugtraq/2019/Apr/25https://seclists.org/bugtraq/2019/Mar/25https://security.netapp.com/advisory/ntap-20190327-0005/https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767https://www.debian.org/security/2019/dsa-4431https://www.libssh2.org/CVE-2019-3859.htmlhttps://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2019-3862https://nvd.nist.govhttps://github.com/simiyo/trivy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-15469CVE-2020-5902CVE-2020-14947cameraCVE-2020-2203NULL pointer dereferenceCVE-2020-6089logic flawprestashopCVE-2020-15523