CVE-2019-3860

Description

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVSS Metrics

• v3.0•MEDIUM•Score: 5CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
• v3.0•CRITICAL•Score: 9.1CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
• v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS Trends

Current EPSS score: 0.97%• Percentile: 77%

Techniques & Countermeasures

• CWE-125•Out-of-bounds Read

  The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

• debian•debian_linux

  8.0

• libssh2•libssh2

  ≥ 0.3, ≤ 1.8.0

• netapp•ontap_select_deploy_administration_utility

  na

• opensuse•leap

  15.0 | 42.3

• the libssh2 project•libssh2

  1.8.1

References (12)

• https://www.libssh2.org/CVE-2019-3860.html
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860
• https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
• https://security.netapp.com/advisory/ntap-20190327-0005/
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
• https://www.debian.org/security/2019/dsa-4431
• https://seclists.org/bugtraq/2019/Apr/25
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html
• https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html