SB2024112806 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management libssh2 component 

Published: November 28, 2024

Security Bulletin ID SB2024112806
Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2019-3858)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in libssh2 when processing SFTP packets. The flaw is on the client side: a remote attacker who controls an SSH server, or can trick the affected system into connecting to a malicious one, can send a malformed SFTP packet that triggers an out-of-bounds read and discloses memory contents or crashes the affected application.


2) Out-of-bounds read (CVE-ID: CVE-2019-3862)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in libssh2 when parsing SSH_MSG_CHANNEL_REQUEST packets that carry an exit-status request with no payload: the parser reads the exit status value without first checking that those bytes are present. As with the previous issue, the flaw is client-side: a remote attacker who controls an SSH server, or can trick the affected system into connecting to a malicious one, can send such a packet to trigger an out-of-bounds read, disclosing memory contents or crashing the affected application.
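Both issues above are the same bug class: a field is read from a packet without first checking that the packet actually contains it. The following is an added example, not F5 or libssh2 code, showing a bounds-checked parser for the SSH_MSG_CHANNEL_REQUEST "exit-status" message. The wire layout (message byte 98, uint32 recipient channel, string request type, boolean want_reply, uint32 exit status) is taken from RFC 4254 section 6.10; the function names, return codes and the three sample packets are constructed for illustration. The same cursor discipline applies to the length-prefixed SFTP packets of the first issue.

```c
/*
 * Added example (not F5 or libssh2 code): bounds-checked parsing of an
 * SSH_MSG_CHANNEL_REQUEST "exit-status" message (RFC 4254 section 6.10).
 * Wire layout:  byte 98 | uint32 recipient channel | string "exit-status" |
 *               boolean want_reply (FALSE) | uint32 exit_status
 * An SSH "string" is a big-endian uint32 length followed by that many bytes.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SSH_MSG_CHANNEL_REQUEST 98

enum {
    PARSE_OK = 0,
    PARSE_TRUNCATED = -1,       /* a field claims more bytes than the packet holds */
    PARSE_BAD_TYPE = -2,        /* not a channel request */
    PARSE_NOT_EXIT_STATUS = -3  /* some other request type; caller handles it */
};

/* Read cursor that never advances past the end of the received bytes. */
typedef struct { const uint8_t *p; size_t left; } cursor_t;

static int rd_u8(cursor_t *c, uint8_t *out) {
    if (c->left < 1) return -1;
    *out = *c->p++; c->left--;
    return 0;
}

static int rd_u32(cursor_t *c, uint32_t *out) {
    if (c->left < 4) return -1;
    *out = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
           ((uint32_t)c->p[2] << 8)  |  (uint32_t)c->p[3];
    c->p += 4; c->left -= 4;
    return 0;
}

static int rd_string(cursor_t *c, const uint8_t **s, uint32_t *slen) {
    if (rd_u32(c, slen)) return -1;
    if (c->left < *slen) return -1;  /* length prefix exceeds the remaining bytes */
    *s = c->p; c->p += *slen; c->left -= *slen;
    return 0;
}

/* Hardened parser: every read is checked against the bytes actually received. */
int parse_exit_status(const uint8_t *pkt, size_t pktlen,
                      uint32_t *channel, uint32_t *status) {
    cursor_t c = { pkt, pktlen };
    uint8_t type, want_reply;
    const uint8_t *req; uint32_t reqlen;

    if (rd_u8(&c, &type)) return PARSE_TRUNCATED;
    if (type != SSH_MSG_CHANNEL_REQUEST) return PARSE_BAD_TYPE;
    if (rd_u32(&c, channel)) return PARSE_TRUNCATED;
    if (rd_string(&c, &req, &reqlen)) return PARSE_TRUNCATED;
    if (rd_u8(&c, &want_reply)) return PARSE_TRUNCATED;
    if (reqlen != 11 || memcmp(req, "exit-status", 11) != 0) return PARSE_NOT_EXIT_STATUS;
    /* The bug class on this page: reading the uint32 exit status without first
       confirming that 4 bytes remain. rd_u32 refuses when the payload is absent. */
    if (rd_u32(&c, status)) return PARSE_TRUNCATED;
    return PARSE_OK;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[] = {
    98, 0,0,0,1, 0,0,0,11, 'e','x','i','t','-','s','t','a','t','u','s', 0, 0,0,0,42 };
/* Same request with the exit status omitted: nothing follows want_reply. */
static const uint8_t no_payload_pkt[] = {
    98, 0,0,0,1, 0,0,0,11, 'e','x','i','t','-','s','t','a','t','u','s', 0 };
/* String length field (0xFFFFFFFF) far larger than the packet: a partial packet. */
static const uint8_t bad_len_pkt[] = { 98, 0,0,0,1, 0xFF,0xFF,0xFF,0xFF, 'e','x' };

int main(void) {
    uint32_t ch = 0, st = 0;
    printf("good:       rc=%d channel=%u status=%u\n",
           parse_exit_status(good_pkt, sizeof good_pkt, &ch, &st), ch, st);
    printf("no payload: rc=%d\n",
           parse_exit_status(no_payload_pkt, sizeof no_payload_pkt, &ch, &st));
    printf("bad length: rc=%d\n",
           parse_exit_status(bad_len_pkt, sizeof bad_len_pkt, &ch, &st));
    return 0;
}
```

The point of the cursor is that the length used for every check is the number of bytes actually received, never a length field supplied by the peer; a server that omits the exit status or inflates a string length gets a parse error rather than a read past the buffer.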


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor. Upstream libssh2 addressed both issues in release 1.8.1. Both issues require the affected BIG-IQ system to act as an SSH client towards an attacker-controlled server, so restricting the hosts it is permitted to reach over SSH limits exposure until a vendor fix is available.