Log

CVE-2019-3856 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a value approaching unsigned int max number of keyboard prompt requests which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error.
References
+ https://www.libssh2.org/CVE-2019-3856.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
Notes
CVE-2019-3857 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max unsigned integer value. The length would then have a value of 1 added to it and used to allocate memory, causing a possible memory write out of bounds error or zero byte allocation.
References
+ https://www.libssh2.org/CVE-2019-3857.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
Notes
CVE-2019-3858 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with a zero value for the payload length. This zero value would be used to then allocate memory resulting in a zero byte allocation and possible out of bounds read.
References
+ https://www.libssh2.org/CVE-2019-3858.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
Notes
CVE-2019-3859 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial packet in response to various commands such as: sha1 and sha256 key exchange, user auth list, user auth password response, public key auth response, channel startup/open/forward/setenv/request pty/x11 and session start up. The result would be a memory out of bounds read.
References
+ https://www.libssh2.org/CVE-2019-3859.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
Notes
CVE-2019-3860 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with an empty payload in response to various SFTP commands such as read directory, file status, status vfs and symlink. The result would be a memory out of bounds read.
References
+ https://www.libssh2.org/CVE-2019-3860.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
Notes
CVE-2019-3861 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH packet with a padding length value greater than the packet length. This would result in a buffer read out of bounds when decompressing the packet or result in a corrupted packet value.
References
+ https://www.libssh2.org/CVE-2019-3861.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
Notes
CVE-2019-3862 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit status message and no payload. This would result in an out of bounds memory comparison.
References
+ https://www.libssh2.org/CVE-2019-3862.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
Notes
CVE-2019-3863 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in libssh2 before 1.8.1 where a server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.
References
+ https://www.libssh2.org/CVE-2019-3863.html
+ https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
Notes
CVE-2019-3871 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Insufficient validation
Description
+ An issue has been found in PowerDNS Authoritative Server before 4.1.7, when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.
References
+ https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
+ https://github.com/PowerDNS/pdns/issues/7573
+ https://github.com/PowerDNS/pdns/pull/7577
Notes
CVE-2019-5435 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ libcurl before 7.65.0 contains two integer overflows in the curl_url_set() function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32 bit architectures and require excessive string input lengths.
References
+ https://curl.haxx.se/docs/CVE-2019-5435.html
+ https://github.com/curl/curl/commit/5fc28510a4664f4
Notes