[Forgot Password]
Login  Register Subscribe

24547

 
 

132804

 
 

129935

 
 

909

 
 

106980

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2019-3863Date: (C)2019-06-19   (M)2019-08-20


A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 6.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Apr/25
DSA-4431
FEDORA-2019-3348cb4934
RHSA-2019:0679
RHSA-2019:1175
RHSA-2019:1652
RHSA-2019:1791
RHSA-2019:1943
RHSA-2019:2399
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863
https://security.netapp.com/advisory/ntap-20190327-0005/
https://www.libssh2.org/CVE-2019-3863.html
openSUSE-SU-2019:1075
openSUSE-SU-2019:1109

CPE    6
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/a:libssh2:libssh2:1.6.0
...
CWE    1
CWE-787
OVAL    17
oval:org.secpod.oval:def:502714
oval:org.secpod.oval:def:1700160
oval:org.secpod.oval:def:603849
oval:org.secpod.oval:def:502635
...

© SecPod Technologies