CVE-2019-3858

CVE Database · CVE-2019-3858

CVE-2019-3858

· N/AModified

CVSS v3.1

N/A

EPSS

6.45%

Published

Mar 21, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Weaknesses (CWE)

CWE-125CWE-125

Affected Products (6)

libssh2 · libssh2 (up to 1.8.1)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

netapp · ontap_select_deploy_administration_utilityvulnerable

opensuse · leapvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html