CVE-2019-3855

libssh2: Integer overflow in transport read resulting in out of bounds write

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-03 CVE Reserved
2019-03-19 CVE Published
2024-08-04 CVE Updated
2024-10-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write

CAPEC

References (29)

URL	Tag	Source
http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html	Third Party Advisory
http://seclists.org/fulldisclosure/2019/Sep/42	Mailing List
http://www.securityfocus.com/bid/107485	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html	Mailing List
https://seclists.org/bugtraq/2019/Apr/25	Mailing List
https://seclists.org/bugtraq/2019/Mar/25	Mailing List
https://seclists.org/bugtraq/2019/Sep/49	Mailing List
https://security.netapp.com/advisory/ntap-20190327-0005	Third Party Advisory
https://support.apple.com/kb/HT210609	Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2019/03/18/3	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855	2023-11-07
https://www.libssh2.org/CVE-2019-3855.html	2023-11-07
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html	2023-11-07
https://access.redhat.com/errata/RHSA-2019:0679	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1175	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1652	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1791	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1943	2023-11-07
https://access.redhat.com/errata/RHSA-2019:2399	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO	2023-11-07
https://www.debian.org/security/2019/dsa-4431	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-3855	2019-08-07
https://bugzilla.redhat.com/show_bug.cgi?id=1687303	2019-08-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libssh2 Search vendor "Libssh2"		Libssh2 Search vendor "Libssh2" for product "Libssh2"				< 1.8.1 Search vendor "Libssh2" for product "Libssh2" and version " < 1.8.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				28 Search vendor "Fedoraproject" for product "Fedora" and version "28"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				29 Search vendor "Fedoraproject" for product "Fedora" and version "29"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Netapp Search vendor "Netapp"		Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"				-		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		advanced_virtualization		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.3 Search vendor "Opensuse" for product "Leap" and version "42.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				< 11.0 Search vendor "Apple" for product "Xcode" and version " < 11.0"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.56 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.56"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.57 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.57"		-		Affected