56 matches found

BDU FSTEC
added 2019/04/04 12:0 a.m. | 2 views

The vulnerability of the libssh2 library, related to reading beyond the buffer in memory, allows an attacker to cause a service failure or expose protected information.

The vulnerability of the libssh2 library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or expose sensitive information...

CVSS 9.1 | AI score 7.3 | EPSS 0.05118
Exploits: 0 | References: 6 | Affected Software: 3

OSV
added 2019/03/25 7:29 p.m. | 0 views

DEBIAN-CVE-2019-3860

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 | AI score 7.2 | EPSS 0.05118
Exploits: 0 | References: 1

Vulnrichment
added 2019/03/25 6:31 p.m. | 7 views

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 7.5 | AI score 8.3 | EPSS 0.06131
Exploits: 0 | References: 16

Vulnrichment
added 2019/03/25 6:30 p.m. | 3 views

CVE-2019-3857

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects t...

CVSS 7.5 | AI score 8.3 | EPSS 0.06131
Exploits: 0 | References: 16

OSV
added 2019/03/25 6:29 p.m. | 2 views

ALPINE-CVE-2019-3863

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing...

CVSS 8.8 | AI score 7.3 | EPSS 0.03437
Exploits: 0 | References: 1

OSV
added 2019/03/25 6:29 p.m. | 0 views

UBUNTU-CVE-2019-3863

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing...

CVSS 8.8 | AI score 6.9 | EPSS 0.03437
Exploits: 0 | References: 5

OSV
added 2019/03/21 9:29 p.m. | 0 views

DEBIAN-CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 8.8 | AI score 7.3 | EPSS 0.09219
Exploits: 0 | References: 1

OSV
added 2019/03/21 4:1 p.m. | 2 views

DEBIAN-CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 | AI score 7.3 | EPSS 0.06275
Exploits: 0 | References: 1

OSV
added 2019/03/21 4:1 p.m. | 1 view

ALPINE-CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 | AI score 6.9 | EPSS 0.06275
Exploits: 0 | References: 1

AlpineLinux
added 2019/03/20 9:18 p.m. | 32 views

CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 | AI score 9.1 | EPSS 0.06275
Exploits: 0

CNVD
added 2019/03/20 12:0 a.m. | 0 views

libssh2 out-of-bounds read vulnerability (CNVD-2019-07797)

libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. An out-of-bounds read vulnerability exists in libssh2, which can be exploited by a remote attacker...

CVSS 9.1 | AI score 9.2 | EPSS 0.06448
Exploits: 0 | References: 1

CNVD
added 2019/03/20 12:0 a.m. | 3 views

libssh2 integer overflow vulnerability (CNVD-2019-07799)

libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2, which stems from the '_libssh2_transport_read'...

CVSS 9.3 | AI score 9.6 | EPSS 0.09219
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/16 9:45 p.m. | 47 views

Security Bulletin: IBM Security Access Manager for Mobile is affected by a vulnerability in libssh2 (CVE-2016-0787)

Summary A vulnerability in libssh2 affects IBM Security Access Manager for Mobile. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amou...

CVSS 5.9 | AI score 0.7 | EPSS 0.02697
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2016/08/12 12:0 a.m. | 39 views

F5 Networks BIG-IP : libssh2 vulnerability (K21531693)

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a 'bits/bytes confusion bug.' CVE-2016-0787 C Tenable Network...

CVSS 5.9 | AI score 6.6 | EPSS 0.02697
Exploits: 0 | References: 2

OSV
added 2016/04/13 5:59 p.m. | 1 view

DEBIAN-CVE-2016-0787

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

CVSS 5.9 | AI score 6.5 | EPSS 0.02697
Exploits: 0 | References: 1

CNVD
added 2016/03/13 12:0 a.m. | 1 view

libssh2 Security Bypass Vulnerability

libssh2 is a client-side C library for implementing the SSH2 protocol. A security vulnerability exists in libssh2 that allows remote attackers to exploit vulnerabilities and cause the SSHv2 Diffie-Hellman handshake to use insecure random parameters...

CVSS 5.9 | AI score 7.8 | EPSS 0.02697
Exploits: 0 | References: 1