Out of Bounds Read Vulnerability in libssh2 Affects Multiple Products
CVE-2019-3858

5 MEDIUM

Key Information:

CVE Published: 21 March 2019

What is CVE-2019-3858?

A security flaw was identified in libssh2 versions before 1.8.1: a specially crafted SFTP packet from a compromised SSH server could lead to an out-of-bounds read. A remote attacker could use this to read sensitive data from client memory or to disrupt service availability. Users of affected versions should prioritize updating to mitigate the risks associated with this vulnerability.

Affected Version(s)

libssh2 1.8.1

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
