CVE-2019-3857
Severity
8.8 HIGH
EPSS
4.5%
top 10.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 25
Latest update: May 13
Description
An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 8 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 28, Enterprise Linux 8.0, 7.6
Patches
🔴 Vulnerability Details: 4
GHSA
GHSA-mq4f-qjqv-2ff5: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1 (2022-05-13)
CVEList
CVE-2019-3857: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1 (2019-03-25)
OSV
CVE-2019-3857: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1 (2019-03-25)
📋 Vendor Advisories: 3
💬 Community: 5
Bugzilla
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [fedora-all] (2019-03-19)
Bugzilla
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 mingw-libssh2: various flaws [epel-7] (2019-03-19)
Bugzilla
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all] (2019-03-19)
Bugzilla
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh: various flaws [fedora-all] (2019-03-19)
Bugzilla
CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (2019-03-11)