Out of Bounds Read Vulnerability in libssh2 by An Untimely Vendor
CVE-2019-3859

5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 21 March 2019

What is CVE-2019-3859?

An out of bounds read flaw exists in libssh2 prior to version 1.8.1, specifically in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who has compromised an SSH server could exploit it against libssh2 clients that connect to that server, potentially reading sensitive data from client memory or causing a denial of service condition. Users should update promptly to a version that includes the fix.

Affected Version(s)

libssh2 1.8.1

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
