[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

139352

 
 

909

 
 

113074

 
 

156

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2019-3863Date: (C)2019-06-19   (M)2020-01-25


A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 6.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Apr/25
DSA-4431
FEDORA-2019-3348cb4934
RHSA-2019:0679
RHSA-2019:1175
RHSA-2019:1652
RHSA-2019:1791
RHSA-2019:1943
RHSA-2019:2399
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863
https://security.netapp.com/advisory/ntap-20190327-0005/
https://www.libssh2.org/CVE-2019-3863.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
openSUSE-SU-2019:1075
openSUSE-SU-2019:1109

CPE    5
cpe:/a:libssh2:libssh2
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
...
CWE    1
CWE-787
OVAL    18
oval:org.secpod.oval:def:502714
oval:org.secpod.oval:def:502635
oval:org.secpod.oval:def:503173
oval:org.secpod.oval:def:116149
...

© SecPod Technologies