CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.046 Low
Percentile: 92.5%
Severity: Critical
Date : 2019-03-22
CVE-ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
Package : libssh2
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-926
The package libssh2 before version 1.8.1-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.
Upgrade to 1.8.1-1.
The problems have been fixed upstream in version 1.8.1.
Workaround: None.
An out-of-bounds write has been found in libssh2 before 1.8.1, where a
malicious server could send a specially crafted packet which could
result in an unchecked integer overflow. The value would then be used
to allocate memory, causing a possible out-of-bounds memory write.
An issue has been found in libssh2 before 1.8.1 where a server could
send a number of keyboard prompt requests approaching the unsigned int
maximum, which could result in an unchecked integer overflow. The value
would then be used to allocate memory, causing a possible out-of-bounds
memory write.
An issue has been found in libssh2 before 1.8.1 where a server could
send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with
a length of the maximum unsigned integer value. The length would then
have 1 added to it and be used to allocate memory, causing a possible
out-of-bounds memory write or a zero-byte allocation.
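
The length-plus-one and prompt-count overflows described above, as an added example that is not libssh2's code or its patch: it shows the 32-bit wrap and a parser that validates server-supplied sizes against the bytes actually received before allocating. All function names and the sample packets are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* SSH encodes lengths and counts as big-endian uint32. */
static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The unchecked pattern: len + 1 in 32-bit arithmetic wraps to 0 when
 * len is UINT32_MAX, so the allocation that follows is zero bytes. */
uint32_t unchecked_alloc_size(uint32_t len) { return len + 1u; }

/* Hardened copy of the length-prefixed string at offset off in a packet of
 * pkt_len received bytes. Returns a NUL-terminated copy, or NULL when the
 * declared length does not fit in the data actually present. */
char *copy_ssh_string(const uint8_t *pkt, size_t pkt_len, size_t off)
{
    uint32_t len;
    char *out;

    if (off > pkt_len || pkt_len - off < 4)
        return NULL;                 /* length field itself is truncated */
    len = get_u32(pkt + off);
    if (len > pkt_len - off - 4)
        return NULL;                 /* declared length exceeds the packet */
    out = malloc((size_t)len + 1);   /* len is bounded above, cannot wrap */
    if (out == NULL)
        return NULL;
    memcpy(out, pkt + off + 4, len);
    out[len] = '\0';
    return out;
}

/* A prompt count is plausible only if the remaining bytes can hold that many
 * prompts: each is a string (4-byte length) plus a 1-byte echo flag. */
int prompt_count_ok(uint32_t count, size_t remaining)
{
    return count <= remaining / 5;
}

/* Constructed sample data: a well-formed string "TERM" and a hostile
 * length field of 0xffffffff followed by two bytes. */
static const uint8_t good_pkt[] = { 0, 0, 0, 4, 'T', 'E', 'R', 'M' };
static const uint8_t evil_pkt[] = { 0xff, 0xff, 0xff, 0xff, 'A', 'B' };

int main(void) { return copy_ssh_string(evil_pkt, sizeof evil_pkt, 0) != NULL; }
```
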
An issue has been found in libssh2 before 1.8.1 where a server could
send a specially crafted partial SFTP packet with a zero value for the
payload length. This zero value would then be used to allocate memory,
resulting in a zero-byte allocation and a possible out-of-bounds read.
An issue has been found in libssh2 before 1.8.1 where a server could
send a specially crafted partial packet in response to various commands
such as: sha1 and sha256 key exchange, user auth list, user auth
password response, public key auth response, channel
startup/open/forward/setenv/request pty/x11 and session startup. The
result would be an out-of-bounds memory read.
An issue has been found in libssh2 before 1.8.1 where a server could
send a specially crafted partial SFTP packet with an empty payload in
response to various SFTP commands such as read directory, file status,
status vfs and symlink. The result would be an out-of-bounds memory
read.
An issue has been found in libssh2 before 1.8.1 where a server could
send a specially crafted SSH packet with a padding length value greater
than the packet length. This would result in a buffer read out of
bounds when decompressing the packet or result in a corrupted packet
value.
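
The padding-length condition described above, as an added example that is not libssh2's code or its patch: it shows how the payload length underflows when the padding field exceeds the packet length, next to a parser that rejects the inconsistent header. Function names and the sample packets are hypothetical and constructed for illustration; the packet layout is the one defined in RFC 4253.

```c
#include <stddef.h>
#include <stdint.h>

/* Layout of an unencrypted SSH binary packet (RFC 4253, section 6):
 *   uint32 packet_length | byte padding_length | payload | padding
 * packet_length counts everything after itself, so
 *   payload_len = packet_length - padding_length - 1. */

/* The unchecked pattern: for padding_length >= packet_length the unsigned
 * subtraction wraps around to a value close to UINT32_MAX. */
uint32_t unchecked_payload_len(uint32_t packet_length, uint8_t padding_length)
{
    return packet_length - padding_length - 1u;
}

/* Hardened parse of buf[0..buf_len). Stores the payload pointer and length
 * and returns 0, or returns -1 when the header fields are inconsistent. */
int ssh_packet_payload(const uint8_t *buf, size_t buf_len,
                       const uint8_t **payload, uint32_t *payload_len)
{
    uint32_t packet_length;

    if (buf_len < 5)
        return -1;                   /* header incomplete */
    packet_length = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                    ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (packet_length < 1 || packet_length > buf_len - 4)
        return -1;                   /* body not fully received */
    if (buf[4] > packet_length - 1)
        return -1;                   /* padding larger than the packet */
    *payload = buf + 5;
    *payload_len = packet_length - buf[4] - 1u;
    return 0;
}

/* Constructed sample packets: packet_length 12 with padding_length 6
 * (consistent) and with padding_length 200 (inconsistent). */
static const uint8_t ok_pkt[16]  = { 0, 0, 0, 12, 6,   'h', 'e', 'l', 'l', 'o' };
static const uint8_t bad_pkt[16] = { 0, 0, 0, 12, 200, 'h', 'e', 'l', 'l', 'o' };

int main(void)
{
    const uint8_t *p;
    uint32_t n;
    return ssh_packet_payload(bad_pkt, sizeof bad_pkt, &p, &n) != -1;
}
```
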
An issue has been found in libssh2 before 1.8.1 where a server could
send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit
status message and no payload. This would result in an out of bounds
memory comparison.
An issue has been found in libssh2 before 1.8.1 where a server could
send multiple keyboard interactive response messages whose total
length is greater than unsigned char max characters. This value is
used as an index to copy memory, resulting in an out-of-bounds memory
write.
A malicious server could access sensitive information or execute
arbitrary code on a vulnerable client.
https://www.libssh2.org/mail/libssh2-devel-archive-2019-03/0009.shtml
https://www.libssh2.org/CVE-2019-3855.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
https://www.libssh2.org/CVE-2019-3856.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
https://www.libssh2.org/CVE-2019-3857.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
https://www.libssh2.org/CVE-2019-3858.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
https://www.libssh2.org/CVE-2019-3859.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
https://www.libssh2.org/CVE-2019-3860.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
https://www.libssh2.org/CVE-2019-3861.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
https://www.libssh2.org/CVE-2019-3862.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
https://www.libssh2.org/CVE-2019-3863.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
https://security.archlinux.org/CVE-2019-3855
https://security.archlinux.org/CVE-2019-3856
https://security.archlinux.org/CVE-2019-3857
https://security.archlinux.org/CVE-2019-3858
https://security.archlinux.org/CVE-2019-3859
https://security.archlinux.org/CVE-2019-3860
https://security.archlinux.org/CVE-2019-3861
https://security.archlinux.org/CVE-2019-3862
https://security.archlinux.org/CVE-2019-3863