First published: Mon Mar 11 2019(Updated: )
A server could send a SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max unsigned integer value. The length would then have a value of 1 added to it and used to allocate memory causing a possible memory write out of bounds error or zero byte allocation.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libssh2 | 1.8.0-2.1 1.8.0-2.1+deb10u1 1.9.0-2 1.10.0-3 1.11.0-2 | |
Libssh2 Libssh2 | >=1.2.8<=1.8.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
NetApp ONTAP Select Deploy administration utility | ||
openSUSE Leap | =15.0 | |
openSUSE Leap | =42.3 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Fedoraproject Fedora | =28 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
redhat/libssh2 | <1.8.1 | 1.8.1 |
>=1.2.8<=1.8.0 | ||
=8.0 | ||
=9.0 | ||
=15.0 | ||
=42.3 | ||
=8.0 | ||
=7.0 | ||
=7.0 | ||
=7.6 | ||
=7.6 | ||
=7.6 | ||
=7.0 | ||
=28 | ||
=8.56 | ||
=8.57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3857 is an integer overflow vulnerability discovered in libssh2 before 1.8.1.
CVE-2019-3857 has a severity level of 8.8 (high).
CVE-2019-3857 could lead to an out of bounds write in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed, potentially allowing a remote attacker to execute code on the client system.
Versions of libssh2 before 1.8.1 are affected by CVE-2019-3857.
To fix CVE-2019-3857, you should update libssh2 to version 1.8.1 or later.