CVE-2019-3856
Severity
8.8HIGH
EPSS
4.4%
top 11.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Latest updateMay 13
Description
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 28, Enterprise Linux 8.0, 7.6
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-w4mw-p8mf-732j: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1↗2022-05-13
CVEList▶
CVE-2019-3856: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1↗2019-03-25
OSV▶
CVE-2019-3856: An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1↗2019-03-25
📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [epel-7]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh: various flaws [fedora-all]↗2019-03-19
Bugzilla▶
CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write↗2019-03-11