CVE-2019-3858 log
Source |
|
Severity | High |
Remote | Yes |
Type | Information disclosure |
Description | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with a zero value for the payload length. This zero value would be used to then allocate memory resulting in a zero byte allocation and possible out of bounds read. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-926 | libssh2 | 1.8.0-3 | 1.8.1-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
22 Mar 2019 | ASA-201903-12 | AVG-926 | libssh2 | Critical | multiple issues |
References |
---|
https://www.libssh2.org/CVE-2019-3858.html https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch |