34 matches found
CLSA-2026-1778788223 libssh2: Fix of 2 CVEs
CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3861)
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin on...
Linux Distros Unpatched Vulnerability : CVE-2019-3861
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. ...
Ubuntu 16.04 ESM : libssh2 vulnerabilities (USN-5308-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5308-1 advisory. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote,...
SUSE CVE-2019-3861
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
Ubuntu: Security Advisory (USN-5308-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:13982-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libssh2 security update
1.8.0-4 - fix integer overflow in SSHMSGDISCONNECT logic CVE-2019-17498 1.8.0-3 - sanitize public header file detected by rpmdiff 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix out-of-bounds memory comparison with specially...
Security Bulletin: Multiple security vulnerabilities were fixed in IBM Security Access Manager Appliance (CVE-2019-3861, CVE-019-3858)
Summary Multiple vulnerabilities were fixed in the libssh2 component used by the IBM Security Access Manager Appliance. Vulnerability Details CVEID: CVE-2019-3861 DESCRIPTION: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value...
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1308)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0252)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libssh2 packages installed that are affected by multiple vulnerabilities: - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attack...
Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20190806)
The following packages have been upgraded to a later upstream version: libssh2 1.8.0. Security Fixes : - libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read CVE-2019-3858 - libssh2: Out-of-bounds reads with specially crafted SSH packets CVE-2019-386...
libssh2 security, bug fix, and enhancement update
1.8.0-3 - sanitize public header file detected by rpmdiff 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - fix out-of-bounds reads wit...
RHEL 7 : libssh2 (RHSA-2019:2136)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2136 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. The following packages have been upgraded to a later upstream...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches Vulnerabili...
EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1360)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote...
Fedora 30 : libssh2 (2019-70a9d4f970)
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt3.M80P.1
1.4.3-alt3.M80P.1 built April 24, 2019 Aleksei Nikiforov in task 227571 April 19, 2019 Aleksei Nikiforov - Fixes: + CVE-2016-0787 Truncated Diffie-Hellman secret length + CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write + CVE-2019-3856 Possible integer overflow...
[SECURITY] [DSA 4431-1] libssh2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4431-1] libssh2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq -...