Out of Bounds Read Flaw Affecting libssh2 by libssh2
CVE-2019-3861

5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 25 March 2019

What is CVE-2019-3861?

An out-of-bounds read vulnerability exists in the way libssh2 versions prior to 1.8.1 process SSH packets. A remote attacker who has compromised an SSH server can exploit the flaw by sending SSH packets whose padding length value exceeds the actual packet length. This could lead to Denial of Service or allow unauthorized read access to sensitive data within the client's memory. Users and administrators should apply patches to mitigate the risks associated with this vulnerability.
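
The bounds check this class of flaw calls for, as an added example (not libssh2's code and not part of the original page): a hypothetical helper, ssh_payload_len, validates the packet_length and padding_length fields of the RFC 4253 binary packet layout before the payload size is computed. The helper name, return codes and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libssh2 source. Unencrypted layout per RFC 4253 section 6:
 *   uint32 packet_length | byte padding_length | payload | random padding
 * packet_length counts the padding_length byte, the payload and the padding. */
enum { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_BAD_PADDING = -2 };

/* Hypothetical helper: validate both length fields and report the payload size. */
static int ssh_payload_len(const uint8_t *buf, size_t buf_len, size_t *payload_len)
{
    if (buf_len < 5)
        return PKT_TRUNCATED;

    uint32_t packet_length = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                             ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    uint8_t padding_length = buf[4];

    /* The whole packet must already be in the buffer. */
    if (packet_length < 1 || packet_length > buf_len - 4)
        return PKT_TRUNCATED;

    /* Without this check, packet_length - padding_length - 1 wraps to a huge
     * unsigned value, and any read sized by it runs past the buffer. */
    if (padding_length > packet_length - 1)
        return PKT_BAD_PADDING;

    *payload_len = (size_t)packet_length - 1 - padding_length;
    return PKT_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[] = { 0, 0, 0, 12, 4, 'h','e','l','l','o','!','!', 0, 0, 0, 0 };
static const uint8_t bad_pkt[]  = { 0, 0, 0, 12, 200, 'h','e','l','l','o','!','!', 0, 0, 0, 0 };
static const uint8_t cut_pkt[]  = { 0, 0, 0, 64, 4, 'h','e','l' };

int main(void)
{
    size_t n = 0;
    int rc = ssh_payload_len(good_pkt, sizeof good_pkt, &n);
    printf("good: rc=%d payload=%zu\n", rc, n);
    printf("oversized padding: rc=%d\n", ssh_payload_len(bad_pkt, sizeof bad_pkt, &n));
    printf("truncated: rc=%d\n", ssh_payload_len(cut_pkt, sizeof cut_pkt, &n));
    return 0;
}
```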

Affected Version(s)

libssh2 1.8.1

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
