[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-13115":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":34,"aliases":44,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":61,"related":62,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":73,"kevs":140,"epss":141,"epss_history":144,"metrics":374,"affected":385},"CVE-2019-13115","In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":17,"likelihood_of_exploit":28,"capec":29},"CWE-190","Integer Overflow or Wraparound","The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number.","Stable","Medium",[30],{"id":31,"name":32,"techniques":33},"CAPEC-92","Forced Integer Overflow",[],[35],{"_key":36,"name":37,"source":38,"url":39,"maturity":40,"reliability_score":41,"verified":42,"type":9,"platforms":43,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9E64C7BA24529A92","Exploit Reference (blog.semmle.com)","reference","https://blog.semmle.com/libssh2-integer-overflow/","unknown",0.2,false,[],[],[],[47,49,51,53,55,57,59],{"_key":48},"ALPINE-CVE-2019-13115",{"_key":50},"DLA-1730-3",{"_key":52},"DLA-2848-1",{"_key":54},"DLA-3559-1",{"_key":56},"UBUNTU-CVE-2019-13115",{"_key":58},"DEBIAN-CVE-2019-13115",{"_key":60},"USN-5308-1",[],[],"2019-07-16T00:00:00.000Z","2024-08-04T23:41:10.457Z","Modified",{"cisa_kev":42,"cisa_ransomware":42,"cisa_vendor":9,"epss_severity":67,"epss_score":68,"severity":67,"severity_score":69,"severity_version":70,"severity_source":71,"severity_vector":72,"severity_status":65},"high",0.424,8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",[74,81,87,91,95,100,104,108,112,116,120,124,128,132,136],{"url":75,"sources":76,"tags":78},"https://github.com/libssh2/libssh2/pull/350",[77,71],"cve.org",[79,80],"Issue Tracking","Third Party Advisory",{"url":82,"sources":83,"tags":84},"https://libssh2.org/changes.html",[77,71],[85,86],"Release Notes","Vendor Advisory",{"url":88,"sources":89,"tags":90},"https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa",[77,71],[80],{"url":39,"sources":92,"tags":93},[77,71],[94,80],"Exploit",{"url":96,"sources":97,"tags":98},"https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html",[77,71],[99,80],"Mailing List",{"url":101,"sources":102,"tags":103},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/",[77,71],[86],{"url":105,"sources":106,"tags":107},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/",[77,71],[86],{"url":109,"sources":110,"tags":111},"https://security.netapp.com/advisory/ntap-20190806-0002/",[77,71],[80],{"url":113,"sources":114,"tags":115},"https://support.f5.com/csp/article/K13322484",[77,71],[80],{"url":117,"sources":118,"tags":119},"https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp%3Butm_medium=RSS",[77,71],[],{"url":121,"sources":122,"tags":123},"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",[77,71],[99],{"url":125,"sources":126,"tags":127},"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",[77,71],[99],{"url":129,"sources":130,"tags":131},"https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html",[77,71],[99,80],{"url":133,"sources":134,"tags":135},"http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html",[77,71],[],{"url":137,"sources":138,"tags":139},"https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html",[77,71],[99],[],{"date":142,"score":68,"percentile":143},"2026-06-04",0.97525,[145,149,152,154,157,159,161,163,165,168,171,173,175,177,179,183,186,189,191,193,195,198,200,202,205,207,209,211,214,217,219,222,224,226,228,231,233,236,239,242,245,247,249,252,255,258,261,263,266,268,270,272,274,277,280,283,286,288,291,294,297,300,303,306,309,311,314,317,319,322,325,328,331,334,337,340,342,344,346,349,351,353,355,358,360,362,364,366,368,371],{"date":146,"score":147,"percentile":148},"2025-11-04",0.42816,0.97321,{"date":150,"score":147,"percentile":151},"2025-11-05",0.97322,{"date":153,"score":147,"percentile":148},"2025-11-06",{"date":155,"score":147,"percentile":156},"2025-11-07",0.97323,{"date":158,"score":147,"percentile":151},"2025-11-08",{"date":160,"score":147,"percentile":151},"2025-11-09",{"date":162,"score":147,"percentile":151},"2025-11-10",{"date":164,"score":147,"percentile":148},"2025-11-11",{"date":166,"score":147,"percentile":167},"2025-11-12",0.97324,{"date":169,"score":147,"percentile":170},"2025-11-13",0.97325,{"date":172,"score":147,"percentile":170},"2025-11-14",{"date":174,"score":147,"percentile":151},"2025-11-15",{"date":176,"score":147,"percentile":151},"2025-11-16",{"date":178,"score":147,"percentile":156},"2025-11-17",{"date":180,"score":181,"percentile":182},"2025-11-18",0.4894,0.97634,{"date":184,"score":181,"percentile":185},"2025-11-19",0.97635,{"date":187,"score":181,"percentile":188},"2025-11-20",0.97642,{"date":190,"score":147,"percentile":156},"2025-11-21",{"date":192,"score":147,"percentile":167},"2025-11-22",{"date":194,"score":147,"percentile":167},"2025-11-23",{"date":196,"score":147,"percentile":197},"2025-11-24",0.97327,{"date":199,"score":147,"percentile":197},"2025-11-25",{"date":201,"score":147,"percentile":197},"2025-11-26",{"date":203,"score":147,"percentile":204},"2025-11-27",0.97329,{"date":206,"score":147,"percentile":204},"2025-11-28",{"date":208,"score":147,"percentile":197},"2025-11-29",{"date":210,"score":147,"percentile":167},"2025-11-30",{"date":212,"score":147,"percentile":213},"2025-12-01",0.97347,{"date":215,"score":147,"percentile":216},"2025-12-02",0.97348,{"date":218,"score":147,"percentile":216},"2025-12-03",{"date":220,"score":147,"percentile":221},"2025-12-04",0.97326,{"date":223,"score":147,"percentile":221},"2025-12-05",{"date":225,"score":147,"percentile":221},"2025-12-06",{"date":227,"score":147,"percentile":197},"2025-12-07",{"date":229,"score":147,"percentile":230},"2025-12-08",0.97328,{"date":232,"score":147,"percentile":197},"2025-12-09",{"date":234,"score":147,"percentile":235},"2025-12-10",0.97332,{"date":237,"score":147,"percentile":238},"2025-12-11",0.97334,{"date":240,"score":147,"percentile":241},"2025-12-12",0.97335,{"date":243,"score":147,"percentile":244},"2025-12-13",0.97336,{"date":246,"score":147,"percentile":235},"2025-12-14",{"date":248,"score":147,"percentile":241},"2025-12-15",{"date":250,"score":147,"percentile":251},"2025-12-16",0.97338,{"date":253,"score":147,"percentile":254},"2025-12-17",0.97339,{"date":256,"score":147,"percentile":257},"2025-12-18",0.97342,{"date":259,"score":147,"percentile":260},"2025-12-19",0.97343,{"date":262,"score":147,"percentile":257},"2025-12-20",{"date":264,"score":147,"percentile":265},"2025-12-21",0.9734,{"date":267,"score":147,"percentile":254},"2025-12-22",{"date":269,"score":147,"percentile":254},"2025-12-23",{"date":271,"score":147,"percentile":265},"2025-12-24",{"date":273,"score":147,"percentile":257},"2025-12-25",{"date":275,"score":147,"percentile":276},"2025-12-26",0.97344,{"date":278,"score":147,"percentile":279},"2025-12-27",0.97366,{"date":281,"score":147,"percentile":282},"2025-12-28",0.97345,{"date":284,"score":147,"percentile":285},"2025-12-29",0.97346,{"date":287,"score":147,"percentile":285},"2025-12-30",{"date":289,"score":147,"percentile":290},"2025-12-31",0.97349,{"date":292,"score":147,"percentile":293},"2026-01-01",0.97373,{"date":295,"score":147,"percentile":296},"2026-01-02",0.97374,{"date":298,"score":147,"percentile":299},"2026-01-03",0.97372,{"date":301,"score":147,"percentile":302},"2026-01-04",0.97352,{"date":304,"score":147,"percentile":305},"2026-01-05",0.97351,{"date":307,"score":147,"percentile":308},"2026-01-06",0.97354,{"date":310,"score":147,"percentile":308},"2026-01-07",{"date":312,"score":147,"percentile":313},"2026-01-08",0.97356,{"date":315,"score":147,"percentile":316},"2026-01-09",0.97359,{"date":318,"score":147,"percentile":316},"2026-01-10",{"date":320,"score":147,"percentile":321},"2026-01-11",0.97357,{"date":323,"score":147,"percentile":324},"2026-01-12",0.97358,{"date":326,"score":147,"percentile":327},"2026-01-13",0.97361,{"date":329,"score":147,"percentile":330},"2026-01-14",0.97364,{"date":332,"score":147,"percentile":333},"2026-01-15",0.97365,{"date":335,"score":147,"percentile":336},"2026-01-16",0.97367,{"date":338,"score":147,"percentile":339},"2026-01-17",0.97368,{"date":341,"score":147,"percentile":333},"2026-01-18",{"date":343,"score":147,"percentile":336},"2026-01-19",{"date":345,"score":147,"percentile":339},"2026-01-20",{"date":347,"score":147,"percentile":348},"2026-01-21",0.97369,{"date":350,"score":147,"percentile":348},"2026-01-22",{"date":352,"score":147,"percentile":299},"2026-01-23",{"date":354,"score":147,"percentile":293},"2026-01-24",{"date":356,"score":147,"percentile":357},"2026-01-25",0.97371,{"date":359,"score":147,"percentile":299},"2026-01-26",{"date":361,"score":147,"percentile":293},"2026-01-27",{"date":363,"score":147,"percentile":296},"2026-01-28",{"date":365,"score":147,"percentile":296},"2026-01-29",{"date":367,"score":147,"percentile":293},"2026-01-30",{"date":369,"score":147,"percentile":370},"2026-01-31",0.97375,{"date":372,"score":147,"percentile":373},"2026-02-01",0.97397,[375],{"source":71,"cvss_v2_0":376,"cvss_v3_0":9,"cvss_v3_1":381,"cvss_v4_0":9},{"baseScore":377,"baseSeverity":9,"vectorString":378,"impactScore":379,"exploitabilityScore":380},5.8,"AV:N/AC:M/Au:N/C:P/I:N/A:P",4.9,8.6,{"baseScore":69,"baseSeverity":382,"vectorString":72,"impactScore":383,"exploitabilityScore":384},"HIGH",8.7,7.2,[386,397,409,417,424,431,439],{"ecosystem":9,"name":387,"vendor":388,"product":389,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"debian linux","debian","debian_linux","o",[392,395],{"version":393,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":396,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":398,"vendor":399,"product":400,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":402},"traffix systems signaling delivery controller","f5","traffix_systems_signaling_delivery_controller","a",[403],{"version":404,"is_range":405,"range_type":394,"version_start":406,"version_start_type":407,"version_end":408,"version_end_type":407,"fixed_in":9},"gte5.0.0_lte5.1.0",true,"5.0.0","including","5.1.0",{"ecosystem":9,"name":410,"vendor":411,"product":410,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"fedora","fedoraproject",[413,415],{"version":414,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":416,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":418,"vendor":418,"product":418,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"libssh2",[420],{"version":421,"is_range":405,"range_type":394,"version_start":9,"version_start_type":9,"version_end":422,"version_end_type":423,"fixed_in":9},"lt1.9.0","1.9.0","excluding",{"ecosystem":9,"name":425,"vendor":426,"product":427,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"cloud backup","netapp","cloud_backup",[429],{"version":430,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":432,"vendor":426,"product":433,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":434},"e-series santricity os controller","e-series_santricity_os_controller",[435],{"version":436,"is_range":405,"range_type":394,"version_start":437,"version_start_type":407,"version_end":438,"version_end_type":407,"fixed_in":9},"gte11.0.0_lte11.70.1","11.0.0","11.70.1",{"ecosystem":9,"name":440,"vendor":426,"product":441,"cpe_part":401,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},"ontap select deploy administration utility","ontap_select_deploy_administration_utility",[443],{"version":430,"is_range":42,"range_type":394,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]