AVG-926

Package libssh2
Status Fixed
Severity Critical
Type multiple issues
Affected 1.8.0-3
Fixed 1.8.1-1
Current 1.8.2-1 [testing], 1.8.1-1 [core]
Ticket None
Created Wed Mar 20 09:58:28 2019
Issue Severity Remote Type Description
CVE-2019-3863 Critical Yes Arbitrary code execution
An issue has been found in libssh2 before 1.8.1 where a server could send multiple keyboard interactive response messages whose total length is greater...
CVE-2019-3862 High Yes Information disclosure
An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit status message and...
CVE-2019-3861 High Yes Information disclosure
An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH packet with a padding length value greater than the packet...
CVE-2019-3860 High Yes Information disclosure
An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with an empty payload in response to...
CVE-2019-3859 High Yes Information disclosure
An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial packet in response to various commands such as: sha1...
CVE-2019-3858 High Yes Information disclosure
An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with a zero value for the payload length....
CVE-2019-3857 Critical Yes Arbitrary code execution
An issue has been found in libssh2 before 1.8.1 where a server could send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max...
CVE-2019-3856 Critical Yes Arbitrary code execution
An issue has been found in libssh2 before 1.8.1 where a server could send a value approaching unsigned int max number of keyboard prompt requests which...
CVE-2019-3855 Critical Yes Arbitrary code execution
An out-of-bounds write has been found in libssh2 before 1.8.1, where a malicious server could send a specially crafted packet which could result in an...
Date Advisory Package Description
22 Mar 2019 ASA-201903-12 libssh2 multiple issues
References
https://www.libssh2.org/mail/libssh2-devel-archive-2019-03/0009.shtml