CVE-2019-3863

Source
Severity: Critical
Remote: Yes
Type: Arbitrary code execution
Description
An issue has been found in libssh2 before 1.8.1 where a server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.
Group | Package | Affected | Fixed | Severity | Status | Ticket
AVG-926 | libssh2 | 1.8.0-3 | 1.8.1-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Description
22 Mar 2019 | ASA-201903-12 | AVG-926 | libssh2 | Critical | multiple issues
References
https://www.libssh2.org/CVE-2019-3863.html
https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch