CVE-2019-3860

Published: Mar 25, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

5.0

MEDIUM

Description

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Vendor	Product	Versions
The libssh2 Project	libssh2	affected `1.8.1`

Weaknesses (CWE)

CWE-125

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://www.libssh2.org/CVE-2019-3860.html

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860

x_refsource_CONFIRM

[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20190327-0005/

x_refsource_CONFIRM

openSUSE-SU-2019:1075

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1109

vendor-advisory

x_refsource_SUSE

FEDORA-2019-3348cb4934

vendor-advisory

x_refsource_FEDORA

DSA-4431

vendor-advisory

x_refsource_DEBIAN

20190415 [SECURITY] [DSA 4431-1] libssh2 security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2019:1640

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3860

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References