First published: Mon Mar 11 2019(Updated: )
A server could send a value approching unsinged int max number of keyboard prompt requests which could result in an unchecked interger overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libssh2 | 1.8.0-2.1 1.8.0-2.1+deb10u1 1.9.0-2 1.10.0-3 1.11.0-2 | |
Libssh2 Libssh2 | <1.8.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
NetApp ONTAP Select Deploy administration utility | ||
openSUSE Leap | =15.0 | |
openSUSE Leap | =42.3 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Fedoraproject Fedora | =28 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
redhat/libssh2 | <1.8.1 | 1.8.1 |
<1.8.1 | ||
=8.0 | ||
=9.0 | ||
=15.0 | ||
=42.3 | ||
=8.0 | ||
=7.0 | ||
=7.0 | ||
=7.6 | ||
=7.6 | ||
=7.6 | ||
=7.0 | ||
=28 | ||
=8.56 | ||
=8.57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this security flaw is CVE-2019-3856.
CVE-2019-3856 has a severity level of 8.8, which is considered high.
CVE-2019-3856 affects libssh2 versions before 1.8.1.
An attacker who compromises an SSH server can exploit CVE-2019-3856 to execute code on the client system when a user connects to the server.
Yes, a fix is available for CVE-2019-3856 in libssh2 version 1.8.1.