Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3856

Опубликовано: 25 мар. 2019
Источник: debian

Описание

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libssh2fixed1.8.0-2.1package

Примечания

  • https://www.libssh2.org/CVE-2019-3856.html

  • Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch

  • https://github.com/libssh2/libssh2/pull/315

Связанные уязвимости

CVSS3: 8.8
ubuntu
больше 6 лет назад

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS3: 7.5
redhat
больше 6 лет назад

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS3: 8.8
nvd
больше 6 лет назад

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS3: 8.8
github
около 3 лет назад

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость функции userauth_keyboard_interactive() в компоненте userauth.c библиотеки libssh2, позволяющая нарушителю выполнить произвольный код