Published: 21/03/2019 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 572

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

An out of bounds read flaw exists in libssh2 prior to 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libssh2 libssh2
fedoraproject fedora 29
debian debian linux 8.0
netapp ontap select deploy administration utility -
opensuse leap 42.3

Synopsis Moderate: libssh2 security update Type/Severity Security Advisory: Moderate Topic An update for libssh2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Debian Bug report logs - #924965 libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...

Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 170-1+deb9u1 We recommend that you upgrade your libssh2 packages For the detailed ...

An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory (CVE-2019-3862) ...

An issue has been found in libssh2 before 181 where a server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit status message and no payload This would result in an out of bounds memory comparison ...

Critical Infrastructure Sectors: Critical Manufacturing

oss-sec mailing list archives   By Date By Thread </form>    [SECURITY ADVISORIES] libssh2   From: Daniel Stenberg <daniel () haxx ...

CWE-125 https://www.libssh2.org/CVE-2019-3862.html https://seclists.org/bugtraq/2019/Mar/25 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862 http://www.securityfocus.com/bid/107485 http://www.openwall.com/lists/oss-security/2019/03/18/3 http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767 https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html https://security.netapp.com/advisory/ntap-20190327-0005/http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://www.debian.org/security/2019/dsa-4431 https://seclists.org/bugtraq/2019/Apr/25 https://access.redhat.com/errata/RHSA-2019:1884 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://www.oracle.com/security-alerts/cpujan2020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/https://access.redhat.com/errata/RHSA-2019:1884 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10 https://www.debian.org/security/2019/dsa-4431

CVE-2019-3862

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect