Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3855

Опубликовано: 21 мар. 2019
Источник: nvd
CVSS3: 7.5
CVSS3: 8.8
CVSS2: 9.3
EPSS Средний

Описание

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*
Версия до 1.8.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 6
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Конфигурация 7
cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
Версия до 11.0 (исключая)
Конфигурация 8

Одно из

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.12496
Средний

7.5 High

CVSS3

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-190
CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2019-3855

CVSS3: 8.8
ubuntu
около 6 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

redhat логотип

CVE-2019-3855

CVSS3: 7.5
redhat
больше 6 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

debian логотип

CVE-2019-3855

CVSS3: 8.8
debian
около 6 лет назад

An integer overflow flaw which could lead to an out of bounds write wa ...

github логотип

GHSA-hhcg-w86v-64g8

CVSS3: 8.8
github
около 3 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

fstec логотип

BDU:2019-03898

CVSS3: 8.8
fstec
больше 6 лет назад

Уязвимость библиотеки libssh2, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 94%
0.12496
Средний

7.5 High

CVSS3

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-190
CWE-190