Vulnerability-Lookup

CVE-2019-3862 (GCVE-0-2019-3862)

Vulnerability from cvelistv5 – Published: 2019-03-20 21:39 – Updated: 2024-08-04 19:19

Summary

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Severity

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-130

Assigner

redhat

References

18 references

URL	Tags
http://www.openwall.com/lists/oss-security/2019/03/18/3	mailing-listx_refsource_MLIST
https://seclists.org/bugtraq/2019/Mar/25	mailing-listx_refsource_BUGTRAQ
https://www.libssh2.org/CVE-2019-3862.html	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/152136/Slack…	x_refsource_MISC
http://www.securityfocus.com/bid/107485	vdb-entryx_refsource_BID
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.broadcom.com/support/fibre-channel-ne…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2019032…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2019/dsa-4431	vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Apr/25	mailing-listx_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:1884	vendor-advisoryx_refsource_REDHAT
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
The libssh2 Project	libssh2	Affected: 1.8.1

Date Public

2019-03-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
          },
          {
            "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Mar/25"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.libssh2.org/CVE-2019-3862.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
          },
          {
            "name": "107485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107485"
          },
          {
            "name": "FEDORA-2019-f31c14682f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
          },
          {
            "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
          },
          {
            "name": "openSUSE-SU-2019:1075",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
          },
          {
            "name": "openSUSE-SU-2019:1109",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
          },
          {
            "name": "FEDORA-2019-3348cb4934",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
          },
          {
            "name": "DSA-4431",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4431"
          },
          {
            "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Apr/25"
          },
          {
            "name": "RHSA-2019:1884",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1884"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libssh2",
          "vendor": "The libssh2 Project",
          "versions": [
            {
              "status": "affected",
              "version": "1.8.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T19:15:26.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
        },
        {
          "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Mar/25"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.libssh2.org/CVE-2019-3862.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
        },
        {
          "name": "107485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107485"
        },
        {
          "name": "FEDORA-2019-f31c14682f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
        },
        {
          "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
        },
        {
          "name": "openSUSE-SU-2019:1075",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
        },
        {
          "name": "openSUSE-SU-2019:1109",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
        },
        {
          "name": "FEDORA-2019-3348cb4934",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
        },
        {
          "name": "DSA-4431",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4431"
        },
        {
          "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Apr/25"
        },
        {
          "name": "RHSA-2019:1884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1884"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-3862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libssh2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The libssh2 Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-130"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
            },
            {
              "name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Mar/25"
            },
            {
              "name": "https://www.libssh2.org/CVE-2019-3862.html",
              "refsource": "MISC",
              "url": "https://www.libssh2.org/CVE-2019-3862.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
            },
            {
              "name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
            },
            {
              "name": "107485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107485"
            },
            {
              "name": "FEDORA-2019-f31c14682f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
            },
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
              "refsource": "CONFIRM",
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
            },
            {
              "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
            },
            {
              "name": "openSUSE-SU-2019:1075",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
            },
            {
              "name": "openSUSE-SU-2019:1109",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
            },
            {
              "name": "FEDORA-2019-3348cb4934",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
            },
            {
              "name": "DSA-4431",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4431"
            },
            {
              "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Apr/25"
            },
            {
              "name": "RHSA-2019:1884",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1884"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3862",
    "datePublished": "2019-03-20T21:39:52.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:19:18.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-3862",
      "date": "2026-05-29",
      "epss": "0.06559",
      "percentile": "0.91284"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3862\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-03-21T16:01:04.967\",\"lastModified\":\"2024-11-21T04:42:44.617\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un error de lectura fuera de l\u00edmites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH_MSG_CHANNEL_REQUEST con un mensaje de estado de salida y sin carga \u00fatil. Un atacante remoto que comprometa un servidor SSH podr\u00eda ser capaz de provocar una denegaci\u00f3n de servicio o una lectura de datos en la memoria del cliente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-130\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.1\",\"matchCriteriaId\":\"23E074D8-B71C-4C02-9383-F419F9C6EFB2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/18/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107485\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1884\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/25\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Mar/25\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190327-0005/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4431\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.libssh2.org/CVE-2019-3862.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/18/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Apr/25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Mar/25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190327-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4431\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.libssh2.org/CVE-2019-3862.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

WID-SEC-W-2023-1230

Vulnerability from csaf_certbund - Published: 2019-03-18 23:00 - Updated: 2025-01-14 23:00

Summary

libssh2: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: libssh2 ist eine C Bibliothek für das Anbieten von SSH2 Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuführen, Dateien zu übertragen oder als sicherer und transparenter Tunnel für entfernte Programme genutzt werden.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libssh2 ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2019-3855

In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgemäßer Speicherbehandlung, was zu Pufferüberläufen sowie zu "Out of Bounds read" und "Out of Bounds write" fehlern führt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuführen, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausführung zu bringen.

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3856

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3857

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3858

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3859

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3860

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3861

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3862

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

CVE-2019-3863

Affected products

Known affected 14 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
F5 BIG-IP 15.1.0-15.1.10 F5 / BIG-IP	`cpe:/a:f5:big-ip:15.1.0_-_15.1.10`	15.1.0-15.1.10
Fortinet FortiOS Fortinet	`cpe:/o:fortinet:fortios:-`	—
F5 BIG-IP 16.1.0-16.1.5 F5 / BIG-IP	`cpe:/a:f5:big-ip:16.1.0_-_16.1.5`	16.1.0-16.1.5
Juniper Junos Space <20.1R1 Juniper / Junos Space		<20.1R1
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source libssh2 <1.8.1 Open Source / libssh2		<1.8.1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
F5 BIG-IP F5 / BIG-IP	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
F5 BIG-IP 17.1.0-17.1.2 F5 / BIG-IP	`cpe:/a:f5:big-ip:17.1.0_-_17.1.2`	17.1.0-17.1.2
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—

References

49 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.libssh2.org/security.html	external
https://www.libssh2.org/CVE-2019-3855.html	external
https://www.libssh2.org/CVE-2019-3856.html	external
https://www.libssh2.org/CVE-2019-3857.html	external
https://www.libssh2.org/CVE-2019-3858.html	external
https://www.libssh2.org/CVE-2019-3859.html	external
https://www.libssh2.org/CVE-2019-3860.html	external
https://www.libssh2.org/CVE-2019-3861.html	external
https://www.libssh2.org/CVE-2019-3862.html	external
https://www.libssh2.org/CVE-2019-3863.html	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://access.redhat.com/errata/RHSA-2019:0679	external
http://linux.oracle.com/errata/ELSA-2019-0679.html	external
https://www.suse.com/support/update/announcement/…	external
http://centos-announce.2309468.n4.nabble.com/Cent…	external
https://www.debian.org/security/2019/dsa-4431	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://access.redhat.com/errata/RHSA-2019:1175	external
http://linux.oracle.com/errata/ELSA-2019-4693.html	external
http://linux.oracle.com/errata/ELSA-2019-4692.html	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://access.redhat.com/errata/RHSA-2019:1652	external
http://linux.oracle.com/errata/ELSA-2019-1652.html	external
http://centos-announce.2309468.n4.nabble.com/Cent…	external
https://www.oracle.com/technetwork/topics/securit…	external
https://access.redhat.com/errata/RHSA-2019:1791	external
https://access.redhat.com/errata/RHSA-2019:1884	external
http://linux.oracle.com/errata/ELSA-2019-1884.html	external
https://access.redhat.com/errata/RHSA-2019:1943	external
http://centos-announce.2309468.n4.nabble.com/Cent…	external
https://access.redhat.com/errata/RHSA-2019:2136	external
https://access.redhat.com/errata/RHSA-2019:2399	external
https://www.suse.com/support/update/announcement/…	external
https://fortiguard.com/psirt/FG-IR-19-099	external
http://kb.juniper.net/InfoCenter/index?page=conte…	external
https://support.f5.com/csp/article/K90011301	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS-2023-2046.html	external
https://alas.aws.amazon.com/ALAS-2023-1756.html	external
https://my.f5.com/manage/s/article/K000149288	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "libssh2 ist eine C Bibliothek f\u00fcr das Anbieten von SSH2 Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuf\u00fchren, Dateien zu \u00fcbertragen oder als sicherer und transparenter Tunnel f\u00fcr entfernte Programme genutzt werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libssh2 ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1230 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-1230.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1230 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1230"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/security.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3855.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3856.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3857.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3858.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3859.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3860.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3861.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3862.html"
      },
      {
        "category": "external",
        "summary": "libssh2 Security Advisories vom 2019-03-18",
        "url": "https://www.libssh2.org/CVE-2019-3863.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:13982-1 vom 2019-03-19",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:0655-1 vom 2019-03-20",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:0679 vom 2019-03-28",
        "url": "https://access.redhat.com/errata/RHSA-2019:0679"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-0679 vom 2019-03-28",
        "url": "http://linux.oracle.com/errata/ELSA-2019-0679.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:13997-1 vom 2019-03-30",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913997-1.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:0679 vom 2019-04-01",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-0679-Important-CentOS-7-libssh2-Security-Update-tp4645499.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4431 vom 2019-04-13",
        "url": "https://www.debian.org/security/2019/dsa-4431"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14032-1 vom 2019-04-27",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914032-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1060-1 vom 2019-04-27",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191060-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1059-1 vom 2019-04-27",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191059-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14031-1 vom 2019-04-27",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914031-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1175 vom 2019-05-15",
        "url": "https://access.redhat.com/errata/RHSA-2019:1175"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4693 vom 2019-06-20",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4693.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4692 vom 2019-06-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4692.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14099-1 vom 2019-06-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914099-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1606-1 vom 2019-06-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191606-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14098-1 vom 2019-06-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914098-1.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2019-0028 vom 2019-06-24",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000948.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1652 vom 2019-07-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:1652"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-1652 vom 2019-07-03",
        "url": "http://linux.oracle.com/errata/ELSA-2019-1652.html"
      },
      {
        "category": "external",
        "summary": "CentOS-announce CESA-2019:1652 vom 2019-07-03",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1652-Important-CentOS-6-libssh2-Security-Update-td4645589.html"
      },
      {
        "category": "external",
        "summary": "Oracle VM Server f\u00fcr x86 Bulletin - Juli 2019",
        "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2019-5600406.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1791 vom 2019-07-16",
        "url": "https://access.redhat.com/errata/RHSA-2019:1791"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1884 vom 2019-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2019:1884"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-1884 vom 2019-07-30",
        "url": "http://linux.oracle.com/errata/ELSA-2019-1884.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1943 vom 2019-07-30",
        "url": "https://access.redhat.com/errata/RHSA-2019:1943"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:1884 vom 2019-07-31",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1884-Moderate-CentOS-7-libssh2-Security-Update-tp4645623.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2136 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2136"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2399 vom 2019-08-07",
        "url": "https://access.redhat.com/errata/RHSA-2019:2399"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1606-2 vom 2019-08-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191606-2.html"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs PSIRT Advisory FG-IR-19-099 vom 2019-11-15 vom 2019-11-14",
        "url": "https://fortiguard.com/psirt/FG-IR-19-099"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA11023 vom 2020-07-08",
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K90011301 vom 2020-09-18",
        "url": "https://support.f5.com/csp/article/K90011301"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3551-1 vom 2020-11-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007887.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2046 vom 2023-05-17",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2046.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1756 vom 2023-06-06",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1756.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000149288 vom 2025-01-14",
        "url": "https://my.f5.com/manage/s/article/K000149288"
      }
    ],
    "source_lang": "en-US",
    "title": "libssh2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-14T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-15T09:22:49.540+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-1230",
      "initial_release_date": "2019-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-03-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-03-20T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-03-20T23:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-3348CB4934, FEDORA-2019-F31C14682F"
        },
        {
          "date": "2019-03-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-70A9D4F970"
        },
        {
          "date": "2019-03-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2019-03-31T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-04-01T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2019-04-14T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2019-04-28T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-05-15T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-06-20T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-06-23T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-06-24T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2019-07-02T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2019-07-03T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2019-07-16T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2019-07-16T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-07-21T22:00:00.000+00:00",
          "number": "19",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-9D85600FC7, FEDORA-2019-5885663621"
        },
        {
          "date": "2019-07-29T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2019-07-30T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-07-31T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2019-08-06T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-07T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-21T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-14T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Fortinet aufgenommen"
        },
        {
          "date": "2020-07-08T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2020-09-20T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2020-11-29T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-06-06T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von F5 aufgenommen"
        }
      ],
      "status": "final",
      "version": "32"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "F5 BIG-IP",
                "product": {
                  "name": "F5 BIG-IP",
                  "product_id": "T001663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0-15.1.10",
                "product": {
                  "name": "F5 BIG-IP 15.1.0-15.1.10",
                  "product_id": "T034902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.1.0-16.1.5",
                "product": {
                  "name": "F5 BIG-IP 16.1.0-16.1.5",
                  "product_id": "T037028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.1.0-17.1.2",
                "product": {
                  "name": "F5 BIG-IP 17.1.0-17.1.2",
                  "product_id": "T040213",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fortinet FortiOS",
            "product": {
              "name": "Fortinet FortiOS",
              "product_id": "T009615",
              "product_identification_helper": {
                "cpe": "cpe:/o:fortinet:fortios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c20.1R1",
                "product": {
                  "name": "Juniper Junos Space \u003c20.1R1",
                  "product_id": "T016874"
                }
              },
              {
                "category": "product_version",
                "name": "20.1R1",
                "product": {
                  "name": "Juniper Junos Space 20.1R1",
                  "product_id": "T016874-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:20.1r1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.8.1",
                "product": {
                  "name": "Open Source libssh2 \u003c1.8.1",
                  "product_id": "T013792"
                }
              },
              {
                "category": "product_version",
                "name": "1.8.1",
                "product": {
                  "name": "Open Source libssh2 1.8.1",
                  "product_id": "T013792-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:libssh2:libssh2:1.8.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "libssh2"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3855",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3855"
    },
    {
      "cve": "CVE-2019-3856",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3856"
    },
    {
      "cve": "CVE-2019-3857",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3857"
    },
    {
      "cve": "CVE-2019-3858",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3858"
    },
    {
      "cve": "CVE-2019-3859",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3859"
    },
    {
      "cve": "CVE-2019-3860",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3860"
    },
    {
      "cve": "CVE-2019-3861",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3861"
    },
    {
      "cve": "CVE-2019-3862",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3862"
    },
    {
      "cve": "CVE-2019-3863",
      "notes": [
        {
          "category": "description",
          "text": "In libssh2 existieren mehrere Schwachstellen. Diese bestehen aufgrund von unsachgem\u00e4\u00dfer Speicherbehandlung, was zu Puffer\u00fcberl\u00e4ufen sowie zu \"Out of Bounds read\" und \"Out of Bounds write\" fehlern f\u00fchrt. Ein entfernter anonymer kann diese Schwachstellen ausnutzen um Denial of Service Angriffe durchzuf\u00fchren, sowie potentiell Informationen offenzulegen und beliebigen Code mit den Rechten des angegriffenen Nutzers zur Ausf\u00fchrung zu bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034902",
          "T009615",
          "T037028",
          "T016874",
          "T004914",
          "T013792",
          "2951",
          "T002207",
          "T001663",
          "398363",
          "T040213",
          "1727"
        ]
      },
      "release_date": "2019-03-18T23:00:00.000+00:00",
      "title": "CVE-2019-3863"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3862 (GCVE-0-2019-3862)

WID-SEC-W-2023-1230

Tags

Sightings

Nomenclature