Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3863

Опубликовано: 25 мар. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.5

Описание

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1.8.0-2.1
disco

not-affected

1.8.0-2.1
eoan

not-affected

1.8.0-2.1
esm-apps/bionic

needed

esm-apps/focal

not-affected

1.8.0-2.1
esm-apps/jammy

not-affected

1.8.0-2.1
esm-apps/xenial

released

1.5.0-2ubuntu0.1+esm1
esm-infra-legacy/trusty

released

1.4.3-2ubuntu0.2+esm2

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.08763
Низкий

6.8 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-3863

CVSS3: 7.5
redhat
почти 7 лет назад

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

nvd логотип

CVE-2019-3863

CVSS3: 7.5
nvd
почти 7 лет назад

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.

debian логотип

CVE-2019-3863

CVSS3: 7.5
debian
почти 7 лет назад

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on t ...

github логотип

GHSA-h63q-2463-x5hq

CVSS3: 8.8
github
больше 3 лет назад

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

fstec логотип

BDU:2019-03795

CVSS3: 8.8
fstec
почти 7 лет назад

Уязвимость бибиотеки libssh2, связанная с записью за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании, выполнить произвольный код или раскрыть защищаемую информацию

EPSS

Процентиль: 92%
0.08763
Низкий

6.8 Medium

CVSS2

7.5 High

CVSS3