CVE-2019-3856

Description

An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 4.601

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows
Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows
SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-1.4.3-20.3.1.x86_64.rpm | Linux
SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-32bit-1.4.3-20.3.1.x86_64.rpm | Linux
SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-debuginfo-1.4.3-20.3.1.x86_64.rpm | Linux
SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2-1-debuginfo-32bit-1.4.3-20.3.1.x86_64.rpm | Linux
SUSE-SU-2019:0655-1 (SUSE Linux Enterprise Desktop 12-SP3) libssh2_org-debugsource-1.4.3-20.3.1.x86_64.rpm | Linux
SUSE-SU-2019:13982-1 (SUSE Linux Enterprise Server 11-SP4) libssh2-1-1.4.3-17.3.1.i586.rpm | Linux
SUSE-SU-2019:13982-1 (SUSE Linux Enterprise Server 11-SP4) libssh2-1-1.4.3-17.3.1.x86_64.rpm | Linux
Libssh2 update (ELSA-2019-1175) libssh2-1.8.0-7.module+el8.0.0+5219+3c0c6858.1.x86_64.rpm | Linux
Libssh2 update (ELSA-2019-1652) libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux
Libssh2-devel update (ELSA-2019-1652) libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux
Libssh2-docs update (ELSA-2019-1652) libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm | Linux
Libssh2 update (ELSA-2019-1652) libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux
Libssh2-devel update (ELSA-2019-1652) libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux
Libssh2-docs update (ELSA-2019-1652) libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm | Linux
Out-of-bounds Write Vulnerability (CVE-2019-3856) | NCM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234