Lucene search

Veracode Vulnerability DatabaseVERACODE:13473

HistoryMar 19, 2019 - 3:07 a.m.

Denial Of Service (DoS)

2019-03-1903:07:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process by sending a malicious SFTP packet with zero value for the payload length, causing zero-byte allocation that results in an out-of-bounds read.

CPENameOperatorVersion
libssh2.sole1.0.1-1
libssh2eq1.4.3__12.el7
libssh2eq1.4.3__12.el7_6.3
libssh2eq1.4.3__12.el7_6.2
libssh2le1.4.3.3

Name	Operator	Version
libssh2.so	le	1.0.1-1
libssh2	eq	1.4.3__12.el7
libssh2	eq	1.4.3__12.el7_6.3
libssh2	eq	1.4.3__12.el7_6.2
libssh2	le	1.4.3.3

References

github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e

www.libssh2.org/CVE-2019-3858.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Related for VERACODE:13473