Lucene search

PRIOn knowledge basePRION:CVE-2019-3862

HistoryMar 21, 2019 - 4:01 p.m.

Design/Logic Flaw

2019-03-2116:01:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.7%

JSON

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CPENameOperatorVersion
debian_linuxeq8.0
fedoraeq29
libssh2lt1.8.1
leapeq42.3

Name	Operator	Version
debian_linux	eq	8.0
fedora	eq	29
libssh2	lt	1.8.1
leap	eq	42.3

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html

packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html

www.openwall.com/lists/oss-security/2019/03/18/3

www.securityfocus.com/bid/107485

access.redhat.com/errata/RHSA-2019:1884

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862

lists.debian.org/debian-lts-announce/2019/03/msg00032.html

lists.fedoraproject.org/archives/list/[email protected]/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

lists.fedoraproject.org/archives/list/[email protected]/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/

seclists.org/bugtraq/2019/Apr/25

seclists.org/bugtraq/2019/Mar/25

security.netapp.com/advisory/ntap-20190327-0005/

www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767

www.debian.org/security/2019/dsa-4431

www.libssh2.org/CVE-2019-3862.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html