Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-3855

Date: March 21, 2019

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Language: C

Severity Score

Related Resources (37)

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://access.redhat.com/errata/RHSA-2019:1175
https://access.redhat.com/errata/RHSA-2019:1791
https://seclists.org/bugtraq/2019/Sep/49
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/
http://seclists.org/fulldisclosure/2019/Sep/42
https://access.redhat.com/errata/RHSA-2019:1652
http://www.openwall.com/lists/oss-security/2019/03/18/3
https://security-tracker.debian.org/tracker/CVE-2019-3855
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/
https://seclists.org/bugtraq/2019/Mar/25
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
https://seclists.org/bugtraq/2019/Apr/25
https://access.redhat.com/errata/RHSA-2019:0679
http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
https://access.redhat.com/errata/RHSA-2019:1943
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3855
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/
https://access.redhat.com/errata/RHSA-2019:2399
https://www.libssh2.org/CVE-2019-3855.html
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767
http://www.securityfocus.com/bid/107485
https://security.netapp.com/advisory/ntap-20190327-0005/
https://nvd.nist.gov/vuln/detail/CVE-2019-3855
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
https://support.apple.com/kb/HT210609
https://access.redhat.com/security/cve/CVE-2019-3855
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
https://security.alpinelinux.org/vuln/CVE-2019-3855
https://www.debian.org/security/2019/dsa-4431
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/
https://www.mend.io/vulnerability-database/CVE-2019-3855

Severity Score

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us