Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3857

Опубликовано: 25 мар. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.8

Описание

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1.8.0-2.1
disco

not-affected

1.8.0-2.1
eoan

not-affected

1.8.0-2.1
esm-apps/bionic

needed

esm-apps/focal

not-affected

1.8.0-2.1
esm-apps/jammy

not-affected

1.8.0-2.1
esm-apps/xenial

released

1.5.0-2ubuntu0.1+esm1
esm-infra-legacy/trusty

not-affected

1.4.3-2ubuntu0.2+esm2

Показывать по

Ссылки на источники

EPSS

Процентиль: 89%
0.04685
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3857

CVSS3: 7.5
redhat
больше 6 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

nvd логотип

CVE-2019-3857

CVSS3: 8.8
nvd
около 6 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

debian логотип

CVE-2019-3857

CVSS3: 8.8
debian
около 6 лет назад

An integer overflow flaw which could lead to an out of bounds write wa ...

github логотип

GHSA-mq4f-qjqv-2ff5

CVSS3: 8.8
github
около 3 лет назад

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

fstec логотип

BDU:2019-03917

CVSS3: 8.8
fstec
больше 6 лет назад

Уязвимость команды SSH_MSG_CHANNEL_REQUEST библиотеки libssh2, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 89%
0.04685
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Уязвимость CVE-2019-3857