CVE-2019-3855

CVE Database · CVE-2019-3855

CVE-2019-3855

· HIGHModified

CVSS v3.1

8.8

EPSS

9.22%

Published

Mar 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-190CWE-787CWE-190CWE-787

Affected Products (18)

libssh2 · libssh2 (up to 1.8.1)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

netapp · ontap_select_deploy_administration_utilityvulnerable

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_desktopvulnerable

redhat · enterprise_linux_server