libssh2

Description: A library implementing the SSH2 protocol as defined by Internet Drafts
Version: 1.11.0-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1690 | 1.9.0-2 | 1.9.0-3 | Medium | Fixed | FS#70009 |
| AVG-926 | 1.8.0-3 | 1.8.1-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-17498 | AVG-1690 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in libssh2 <= 1.9.0, when libssh2 is used to connect to a malicious server, leading to denial of service or information... |
| CVE-2019-3863 | AVG-926 | Critical | Yes | Arbitrary code execution | An issue has been found in libssh2 before 1.8.1 where a server could send multiple keyboard interactive response messages whose total length is greater... |
| CVE-2019-3862 | AVG-926 | High | Yes | Information disclosure | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit status message and... |
| CVE-2019-3861 | AVG-926 | High | Yes | Information disclosure | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted SSH packet with a padding length value greater than the packet... |
| CVE-2019-3860 | AVG-926 | High | Yes | Information disclosure | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with an empty payload in response to... |
| CVE-2019-3859 | AVG-926 | High | Yes | Information disclosure | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial packet in response to various commands such as: sha1... |
| CVE-2019-3858 | AVG-926 | High | Yes | Information disclosure | An issue has been found in libssh2 before 1.8.1 where a server could send a specially crafted partial SFTP packet with a zero value for the payload length.... |
| CVE-2019-3857 | AVG-926 | Critical | Yes | Arbitrary code execution | An issue has been found in libssh2 before 1.8.1 where a server could send an SSH_MSG_CHANNEL_REQUEST packet with an exit signal message with a length of max... |
| CVE-2019-3856 | AVG-926 | Critical | Yes | Arbitrary code execution | An issue has been found in libssh2 before 1.8.1 where a server could send a value approaching unsigned int max number of keyboard prompt requests which... |
| CVE-2019-3855 | AVG-926 | Critical | Yes | Arbitrary code execution | An out-of-bounds write has been found in libssh2 before 1.8.1, where a malicious server could send a specially crafted packet which could result in an... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 22 Mar 2019 | ASA-201903-12 | AVG-926 | Critical | multiple issues |