CVSS: 9.1EPSS: 5%CPEs: 5EXPL: 0CVE-2019-3862 – libssh2: Out-of-bounds memory comparison with specially crafted message channel request
https://notcve.org/view.php?id=CVE-2019-3862
19 Mar 2019 — An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH_MSG_CHANNEL_REQUEST con un mensaje de estado de salida y sin carga útil... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-125: Out-of-bounds Read CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 8.8EPSS: 9%CPEs: 11EXPL: 0CVE-2019-3863 – libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
https://notcve.org/view.php?id=CVE-2019-3863
19 Mar 2019 — A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Se ha descubierto un problema en versiones anteriores a la 1.8.1 de libssh2. Un servidor podría enviar múltiples mensajes de respuesta interactiva mediante teclado cuya longitud total es mayor que el los caracteres no firmados char max. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 4%CPEs: 6EXPL: 0CVE-2016-0787 – libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length
https://notcve.org/view.php?id=CVE-2016-0787
10 Mar 2016 — The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." La función diffie_hellman_sha256 en kex.c en libssh2 en versiones anteriores a 1.7.0 trunca de manera incorrecta secretos a 128 o 256 bits, lo que hace más fácil para atacantes man-in-the-middle descifrar o interceptar sesiones SSH a través de v... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177980.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1782 – libssh2: Using SSH_MSG_KEXINIT data unbounded
https://notcve.org/view.php?id=CVE-2015-1782
11 Mar 2015 — The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. La función kex_agree_methods en libssh2 anterior a 1.5.0 permite a servidores remotos causar una denegación de servicio (caída) o tener otro impacto sin especificar a través de valores de longitud modificados en un paquete SSH_MSG_KEXINIT. A flaw was found in the way the kex_agree_methods() function of libss... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •