Detections
Analytics
CVE-2019-3855
high
Description
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
References
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.libssh2.org/CVE-2019-3855.html
https://www.debian.org/security/2019/dsa-4431
https://support.apple.com/kb/HT210609
https://security.netapp.com/advisory/ntap-20190327-0005/
https://seclists.org/bugtraq/2019/Sep/49
https://seclists.org/bugtraq/2019/Mar/25
https://seclists.org/bugtraq/2019/Apr/25
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855
https://access.redhat.com/errata/RHSA-2019:2399
https://access.redhat.com/errata/RHSA-2019:1943
https://access.redhat.com/errata/RHSA-2019:1791
https://access.redhat.com/errata/RHSA-2019:1652
https://access.redhat.com/errata/RHSA-2019:1175
https://access.redhat.com/errata/RHSA-2019:0679
http://www.securityfocus.com/bid/107485
http://www.openwall.com/lists/oss-security/2019/03/18/3
http://seclists.org/fulldisclosure/2019/Sep/42
http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html