CVE-2019-3855
Severity
8.8HIGH
EPSS
16.2%
top 5.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 21
Latest updateMay 13
Description
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages10 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 28, 29, 30, Enterprise Linux 8.0, 7.6
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-hhcg-w86v-64g8: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1↗2022-05-13
CVEList▶
CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1↗2019-03-21
OSV▶
CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1↗2019-03-21
📋Vendor Advisories
5💬Community
5Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [epel-7]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write↗2019-03-11