CVE-2019-3855

Description

An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 10.006

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Vulnerabilities CVE-2019-3855 are affected in Command Line Tools for XCode for Mac 10 | Mac |
| Multiple Vulnerabilities are affected in Command Line Tools for XCode for Mac 10 | Mac |
| SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-1.4.3-20.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-32bit-1.4.3-20.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-debuginfo-1.4.3-20.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-debuginfo-32bit-1.4.3-20.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2_org-debugsource-1.4.3-20.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13982-1 (SUSE Linux Enterprise Server 11-SP4) libssh2-1-1.4.3-17.3.1.i586.rpm | Linux |
| SUSE-SU-2019:13982-1 (SUSE Linux Enterprise Server 11-SP4) libssh2-1-1.4.3-17.3.1.x86_64.rpm | Linux |
| Libssh2 update (ELSA-2019-1175) libssh2-1.8.0-7.module+el8.0.0+5219+3c0c6858.1.x86_64.rpm | Linux |
| Libssh2 update (ELSA-2019-1652) libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux |
| Libssh2-devel update (ELSA-2019-1652) libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux |
| Libssh2-docs update (ELSA-2019-1652) libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux |
| Libssh2 update (ELSA-2019-1652) libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux |
| Libssh2-devel update (ELSA-2019-1652) libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux |
| Libssh2-docs update (ELSA-2019-1652) libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux |
| Out-of-bounds Write Vulnerability (CVE-2019-3855) | NCM |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-607901 | Command Line Tools for XCode for Mac 15.3 (Deployment-Only) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234