Vulnerability CVE-2019-3855: Information
Description
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: March 22, 2019
Modified: Nov. 7, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libssh2 | sisyphus | 1.8.1-alt1 | 1.11.0-alt2 | ALT-PU-2019-1501-1 | 225575 | Fixed |
libssh2 | p10 | 1.8.1-alt1 | 1.11.0-alt2 | ALT-PU-2019-1501-1 | 225575 | Fixed |
libssh2 | p9 | 1.8.1-alt1 | 1.9.0-alt2 | ALT-PU-2019-1501-1 | 225575 | Fixed |
libssh2 | p8 | 1.4.3-alt3.M80P.1 | 1.4.3-alt3.M80P.1 | ALT-PU-2019-1729-1 | 227571 | Fixed |
libssh2 | c10f1 | 1.8.1-alt1 | 1.11.0-alt2 | ALT-PU-2019-1501-1 | 225575 | Fixed |
libssh2 | c9f2 | 1.8.1-alt1 | 1.11.0-alt2 | ALT-PU-2019-1501-1 | 225575 | Fixed |