#VU18254 Out-of-bounds write in libssh2 - CVE-2019-3863
Published: April 15, 2019
libssh2
libssh2.org
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing multiple keyboard-interactive response messages whose total length exceeds the maximum number of characters an unsigned char can represent. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds write, and execute arbitrary code on the system with the privileges of the user running the affected application.
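The defensive pattern for this class of bug, as an added illustration (not libssh2 code and not the vendor's patch): the total size of a keyboard-interactive response packet is summed with checked arithmetic before any buffer is allocated or written. The struct, function names and the `MAX_PACKET` cap are assumptions made for this example; the packet layout follows RFC 4256.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SSH_MSG_USERAUTH_INFO_RESPONSE 61   /* message number from RFC 4256 */
#define MAX_PACKET ((size_t)35000)          /* hypothetical cap for this example */

struct kbd_response { const unsigned char *text; size_t length; };

/* Encoded size: 1 type byte + 4 count bytes + (4 + length) per response.
 * Returns 0 if the running total would exceed MAX_PACKET (and so never wraps). */
size_t kbd_packet_len(const struct kbd_response *r, size_t n)
{
    size_t total = 1 + 4;
    for (size_t i = 0; i < n; i++) {
        size_t room = MAX_PACKET - total;   /* safe: total <= MAX_PACKET here */
        if (room < 4 || r[i].length > room - 4)
            return 0;                       /* reject instead of overflowing */
        total += 4 + r[i].length;
    }
    return total;
}

static void put_u32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Builds the packet in a buffer sized from the checked total.
 * Returns NULL if the size was rejected or allocation failed. */
unsigned char *kbd_build_packet(const struct kbd_response *r, size_t n,
                                size_t *out_len)
{
    size_t len = kbd_packet_len(r, n);
    if (len == 0) return NULL;
    unsigned char *buf = malloc(len), *p = buf;
    if (buf == NULL) return NULL;
    *p++ = SSH_MSG_USERAUTH_INFO_RESPONSE;
    put_u32(p, (uint32_t)n); p += 4;
    for (size_t i = 0; i < n; i++) {
        put_u32(p, (uint32_t)r[i].length); p += 4;
        if (r[i].length != 0) memcpy(p, r[i].text, r[i].length);
        p += r[i].length;
    }
    *out_len = len;
    return buf;
}
```

Because every write offset derives from the same checked total that sized the allocation, a set of responses whose combined length is too large is rejected before any copy takes place.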