Home > Vulnerability Database > CVE-2019-3855

Mend.io Vulnerability Database

CVE-2019-3855

Good to know:

Date: March 21, 2019

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Language: C

Severity Score

8.8

Related Resources (34)

Url: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Url: https://access.redhat.com/errata/RHSA-2019:1175

Url: https://access.redhat.com/errata/RHSA-2019:1791

Url: https://seclists.org/bugtraq/2019/Sep/49

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/

Url: http://seclists.org/fulldisclosure/2019/Sep/42

Url: https://access.redhat.com/errata/RHSA-2019:1652

Url: http://www.openwall.com/lists/oss-security/2019/03/18/3

Url: https://security-tracker.debian.org/tracker/CVE-2019-3855

Url: https://seclists.org/bugtraq/2019/Mar/25

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

Url: https://seclists.org/bugtraq/2019/Apr/25

Url: https://access.redhat.com/errata/RHSA-2019:0679

Url: http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html

Url: https://access.redhat.com/errata/RHSA-2019:1943

Url: https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3855

Url: https://access.redhat.com/errata/RHSA-2019:2399

Url: https://www.libssh2.org/CVE-2019-3855.html

Url: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767

Url: http://www.securityfocus.com/bid/107485

Url: https://security.netapp.com/advisory/ntap-20190327-0005/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-3855

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html

Url: https://support.apple.com/kb/HT210609

Url: https://access.redhat.com/security/cve/CVE-2019-3855

Url: http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

Url: https://security.alpinelinux.org/vuln/CVE-2019-3855

Url: https://www.debian.org/security/2019/dsa-4431

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/

Url: https://www.mend.io/resources/blog/top-5-new-open-source-security-vulnerabilities-in-march-2019

Url: https://www.mend.io/vulnerability-database/CVE-2019-3855

Severity Score

8.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version 1.8.1

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-3855

Good to know:

Date: March 21, 2019

Language: C

Severity Score

Related Resources (34)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?