UBUNTU-CVE-2019-13115
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 16 Jul 2019, 18:15
Last modified:22 Apr 2026, 12:08
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
8.1 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Jul 2019, 18:15
Published
Vulnerability first disclosed
22 Apr 2026, 12:08
Last Modified
Vulnerability information updated
Description
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
CVSS Metrics
- v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Systems
- ubuntu•libssh2
< 1.4.3-2ubuntu0.2+esm2 | < 1.5.0-2ubuntu0.1+esm1 | all | all