
Debian LTS: DLA-1730-1 Critical: Libssh2 Integer Overflow Threat

March 26, 2019
Upgrade your libssh2 installations to mitigate several vulnerabilities recently discovered in libssh2, a client-side C library implementing the SSH2 protocol.

Summary

CVE-2019-3855

An integer overflow flaw which could have led to an out of bounds
write was discovered in libssh2 in the way packets were read from the
server. A remote attacker who compromised an SSH server could have
been able to execute code on the client system when a user connected
to the server.

CVE-2019-3856

An integer overflow flaw, which could have led to an out of bounds
write, was discovered in libssh2 in the way keyboard prompt requests
were parsed. A remote attacker who compromised an SSH server could have
been able to execute code on the client system when a user connected
to the server.

CVE-2019-3857

An integer overflow flaw which could have led to an out of bounds
write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST
packets with an exit signal were parsed. A remote attacker who
compromised an SSH server could have been able to execute code on the
client system when a user connected to the server.

CVE-2019-3858



Severity: critical

Package: libssh2
Version: 1.4.3-4.1+deb8u2
CVE ID: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
Debian Bug: 924965
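
The CVE descriptions above share one pattern: a length taken from server-supplied data overflows during size arithmetic, and the resulting buffer is too small for the write that follows. The C code below is an added example of that bug class and the usual bounds check; it is not libssh2's code or its patch, and the framing, constants and function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     4u      /* assumed framing: 4-byte big-endian length prefix */
#define EXTRA_LEN   16u     /* assumed extra room the reader adds (e.g. for a MAC) */
#define MAX_PAYLOAD 35000u  /* assumed upper bound for one packet's payload */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed sizing: the 32-bit addition wraps, so a huge declared length
 * yields a tiny allocation size. Shown for the arithmetic only. */
uint32_t size_unchecked(uint32_t declared)
{
    return declared + EXTRA_LEN;
}

/* Hardened sizing: bound the declared length before any arithmetic. */
int size_checked(uint32_t declared, size_t *out)
{
    if (declared > MAX_PAYLOAD)
        return -1;
    *out = (size_t)declared + EXTRA_LEN;
    return 0;
}

/* Copies the payload of one framed packet into a new buffer.
 * Returns NULL if the header is short, the declared length is out of
 * bounds, or the declared length exceeds the bytes actually received. */
unsigned char *read_packet(const unsigned char *wire, size_t wire_len,
                           size_t *payload_len)
{
    size_t need;
    uint32_t declared;
    unsigned char *buf;

    if (wire_len < HDR_LEN)
        return NULL;
    declared = be32(wire);
    if (size_checked(declared, &need) != 0 || declared > wire_len - HDR_LEN)
        return NULL;
    if ((buf = calloc(1, need)) == NULL)
        return NULL;
    memcpy(buf, wire + HDR_LEN, declared);
    *payload_len = declared;
    return buf;
}
```

The caller owns the returned buffer and must `free` it; a NULL return means the packet was rejected before any allocation or copy took place.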
