PT-2018-3092 · Libssh2+5 · Libssh2+5

Chris Coulson

Publicado

2018-12-03

Atualizado

2024-06-15

CVE-2019-3858

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.8.1

Description An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to SSH servers until the update is applied.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-130CWE-125

Identificadores relacionados

ALT-PU-2019-1501

BDU:2019-03871

CESA-2019_2136

CVE-2019-3858

DLA-1730-1

DSA-4431-1

MGASA-2019-0139

OPENSUSE-SU-2019:1109-1

OPENSUSE-SU-2019_1075-1

OPENSUSE-SU-2019_1109-1

OPENSUSE-SU-2020:2126-1

OPENSUSE-SU-2020:2129-1

OPENSUSE-SU-2020_2126-1

OPENSUSE-SU-2020_2129-1

OPENSUSE-SU-2024:10999-1

RHSA-2019:2136

RHSA-2019_2136

SUSE-SU-2019:0655-1

SUSE-SU-2019:13982-1

SUSE-SU-2019:13997-1

SUSE-SU-2020:3551-1

USN-5308-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libssh2

PT-2018-3092 · Libssh2+5 · Libssh2+5

CVE-2019-3858

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 141