Lucene search

K

GoogleOSV:CVE-2019-3862

HistoryMar 21, 2019 - 4:01 p.m.

CVE-2019-3862

2019-03-2116:01:04

Google

osv.dev

4

6.7 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.7%

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CPENameOperatorVersion
libssh2eqRELEASE.0.6
libssh2eq1.4.0-r0
libssh2eqlibssh2-1.2.6
libssh2eqRELEASE.0.13
libssh2eq1.8.0-r1
libssh2eq1.2.8-r0
libssh2eqRELEASE.0.14
libssh2eqlibssh2-1.5.0
libssh2eqlibssh2-1.2.7
libssh2eq1.7.0-r1

Rows per page:

1-10 of 561

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html

packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html

www.openwall.com/lists/oss-security/2019/03/18/3

www.securityfocus.com/bid/107485

access.redhat.com/errata/RHSA-2019:1884

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862

lists.debian.org/debian-lts-announce/2019/03/msg00032.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/

seclists.org/bugtraq/2019/Apr/25

seclists.org/bugtraq/2019/Mar/25

security.netapp.com/advisory/ntap-20190327-0005/

www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767

www.debian.org/security/2019/dsa-4431

www.libssh2.org/CVE-2019-3862.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

6.7 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.7%

Related for OSV:CVE-2019-3862