Описание
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this vulnerability is to data confidentiality and integrity and system availability.
Отчет
This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.0.0/libssh2 | Affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix | ||
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix | ||
| Red Hat Enterprise Linux 6 | libssh2 | Fixed | RHSA-2019:1652 | 02.07.2019 |
| Red Hat Enterprise Linux 7 | libssh2 | Fixed | RHSA-2019:0679 | 28.03.2019 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | libssh2 | Fixed | RHSA-2019:2399 | 07.08.2019 |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | libssh2 | Fixed | RHSA-2019:2399 | 07.08.2019 |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | libssh2 | Fixed | RHSA-2019:2399 | 07.08.2019 |
| Red Hat Enterprise Linux 7.4 Extended Update Support | libssh2 | Fixed | RHSA-2019:1943 | 30.07.2019 |
| Red Hat Enterprise Linux 7.5 Extended Update Support | libssh2 | Fixed | RHSA-2019:1791 | 16.07.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
A flaw was found in libssh2 before 1.8.1. A server could send a multip ...
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.
Уязвимость бибиотеки libssh2, связанная с записью за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании, выполнить произвольный код или раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3