CVE-2019-3855
published 2019-03-21CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | < 11.0 | 11.0 |
| apple | xcode | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libssh2 | < libssh2 1.8.0-2.1 (bookworm) | libssh2 1.8.0-2.1 (bookworm) |
| debian | libssh2 | < libssh2 1.9.0-1 (bookworm) | libssh2 1.9.0-1 (bookworm) |
| f5 | traffix_systems_signaling_delivery_controller | 5.0.0 – 5.1.0 | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libssh2 | libssh2 | < 1.8.1 | 1.8.1 |
| libssh2 | libssh2 | < 1.9.0 | 1.9.0 |
| libssh2 | libssh2 | >= 0 < 1.8.0-2.1 | 1.8.0-2.1 |
| libssh2 | libssh2 | >= 0 < 1.9.0-1 | 1.9.0-1 |
| libssh2 | libssh2 | >= 0 < 1.8.0-2.1 | 1.8.0-2.1 |
| libssh2 | libssh2 | >= 0 < 1.9.0-1 | 1.9.0-1 |
| libssh2 | libssh2 | >= 0 < 1.8.0-2.1 | 1.8.0-2.1 |
| libssh2 | libssh2 | >= 0 < 1.9.0-1 | 1.9.0-1 |
| libssh2 | libssh2 | >= 0 < 1.8.0-2.1 | 1.8.0-2.1 |
| libssh2 | libssh2 | >= 0 < 1.9.0-1 | 1.9.0-1 |
| libssh2 | libssh2 | >= 0 < 1.5.0-2ubuntu0.1+esm1 | 1.5.0-2ubuntu0.1+esm1 |
| netapp | e-series_santricity_os_controller | 11.0.0 – 11.70.1 | — |
| opensuse | leap | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH