Integer overflow

2019-03-2519:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
fedoraeq28
libssh2ge1.2.8
libssh2le1.8.0
leapeq42.3
leapeq15.0
peoplesoft_enterprise_peopletoolseq8.56
peoplesoft_enterprise_peopletoolseq8.57
enterprise_linuxeq8.0

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
fedora	eq	28
libssh2	ge	1.2.8
libssh2	le	1.8.0
leap	eq	42.3
leap	eq	15.0
peoplesoft_enterprise_peopletools	eq	8.56
peoplesoft_enterprise_peopletools	eq	8.57
enterprise_linux	eq	8.0