CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-3863 – libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
https://notcve.org/view.php?id=CVE-2019-3863
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Se ha descubierto un problema en versiones anteriores a la 1.8.1 de libssh2. Un servidor podría enviar múltiples mensajes de respuesta interactiva mediante teclado cuya longitud total es mayor que el los caracteres no firmados char max. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:2399 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2019-3859
https://notcve.org/view.php?id=CVE-2019-3859
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en las funciones _libssh2_packet_require y _libssh2_packet_requirev. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provocar una denegación de servicio o una lectura de datos en la memoria del cliente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html http://www.openwall.com/lists/oss-security/2019/03/18/3 http://www.securityfocus.com/bid/107485 https://bugzilla • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 5EXPL: 0CVE-2019-3862 – libssh2: Out-of-bounds memory comparison with specially crafted message channel request
https://notcve.org/view.php?id=CVE-2019-3862
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH_MSG_CHANNEL_REQUEST con un mensaje de estado de salida y sin carga útil. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provocar una denegación de servicio o una lectura de datos en la memoria del cliente. An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html http://www.openwall.com/lists/oss-security/2019/03/18/3 http://www.securityfocus.com/bid/107485 https://access.redhat.com/errata/RHSA-2019:1884 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862 https://lists.debian.org/debian-lts-announce/2019 • CWE-125: Out-of-bounds Read CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0787 – libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length
https://notcve.org/view.php?id=CVE-2016-0787
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." La función diffie_hellman_sha256 en kex.c en libssh2 en versiones anteriores a 1.7.0 trunca de manera incorrecta secretos a 128 o 256 bits, lo que hace más fácil para atacantes man-in-the-middle descifrar o interceptar sesiones SSH a través de vectores no especificados, también conocido como "bits/bytes confusion bug". A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177980.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178573.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00008.html http://www.debian.org/security/2016/dsa-3487 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/82514 https://bto.bluecoat.com/security-advisory/sa120 https://kc.mcafee.com/corporate/index?page=content&id=SB10156 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1782 – libssh2: Using SSH_MSG_KEXINIT data unbounded
https://notcve.org/view.php?id=CVE-2015-1782
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. La función kex_agree_methods en libssh2 anterior a 1.5.0 permite a servidores remotos causar una denegación de servicio (caída) o tener otro impacto sin especificar a través de valores de longitud modificados en un paquete SSH_MSG_KEXINIT. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html http://www.debian.org/security/2015/dsa-3182 http://www.libssh2.org/adv_20150311.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:148 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •