VAR-201903-0388

Vulnerability from variot - Updated: 2025-12-22 21:51

An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server. libssh2 contains an integer overflow vulnerability. Information may be obtained, and the service may be put into a denial-of-service (DoS) state. libssh2 can execute remote commands and file transfers while providing a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server.


====================================================================
Red Hat Security Advisory

Synopsis: Important: libssh2 security update
Advisory ID: RHSA-2019:0679-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679
Issue date: 2019-03-28
CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863

====================================================================

  1. Summary:

An update for libssh2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

  3. Description:

The libssh2 packages provide a library that implements the SSH2 protocol.

  4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.

  5. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: libssh2-1.4.3-12.el7_6.2.src.rpm

x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libssh2-1.4.3-12.el7_6.2.src.rpm

x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libssh2-1.4.3-12.el7_6.2.src.rpm

ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm

ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm

s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm

x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: libssh2-1.4.3-12.el7_6.2.src.rpm

aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm

ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm

s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm

ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm

s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm

x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm

noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm

s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libssh2-1.4.3-12.el7_6.2.src.rpm

x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2019-3855
https://access.redhat.com/security/cve/CVE-2019-3856
https://access.redhat.com/security/cve/CVE-2019-3857
https://access.redhat.com/security/cve/CVE-2019-3863
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "libssh2",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "libssh2",
        "version": "1.8.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "28"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fedora",
        "version": "29"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "none"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "aus"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "eus"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "tus"
      },
      {
        "model": "enterprise linux workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:fedoraproject:fedora",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:libssh2:libssh2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:netapp:ontap_select_administration_utility",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Coulson of Canonical Ltd.,Slackware Security Team",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-3855",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-3855",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-155290",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-3855",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "secalert@redhat.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2019-3855",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3855",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-3855",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secalert@redhat.com",
            "id": "CVE-2019-3855",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-3855",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-634",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155290",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3855",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the \u0027_libssh2_transport_read()\u0027 function not properly checking the packet_length value from the server. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: libssh2 security update\nAdvisory ID:       RHSA-2019:0679-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0679\nIssue date:        2019-03-28\nCVE Names:         CVE-2019-3855 CVE-2019-3856 CVE-2019-3857\n                   CVE-2019-3863\n====================================================================\n1. Summary:\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 
7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x\n\n3. Description:\n\nThe libssh2 packages provide a library that implements the SSH2 protocol. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing these updated packages, all running applications using\nlibssh2 must be restarted for this update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 
7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nppc64:\nlibssh2-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\naarch64:\nlibssh2-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-3855\nhttps://access.redhat.com/security/cve/CVE-2019-3856\nhttps://access.redhat.com/security/cve/CVE-2019-3857\nhttps://access.redhat.com/security/cve/CVE-2019-3863\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd\nLDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE\nwE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC\nnFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev\nFCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA\nO5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno\n7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7\nz4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu\ncdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND\nXkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4\nD/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH\ntLzz6XhldNU=R5e5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.3) - x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "PACKETSTORM",
        "id": "153510"
      },
      {
        "db": "PACKETSTORM",
        "id": "152282"
      },
      {
        "db": "PACKETSTORM",
        "id": "153969"
      },
      {
        "db": "PACKETSTORM",
        "id": "153654"
      },
      {
        "db": "PACKETSTORM",
        "id": "153811"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3855",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152136",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/03/18/3",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "107485",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4341",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4083",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1274",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4479.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0911",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4226",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0996",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0894",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "153654",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153510",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152282",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153969",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153811",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152509",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154655",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-155290",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "PACKETSTORM",
        "id": "153510"
      },
      {
        "db": "PACKETSTORM",
        "id": "152282"
      },
      {
        "db": "PACKETSTORM",
        "id": "153969"
      },
      {
        "db": "PACKETSTORM",
        "id": "153654"
      },
      {
        "db": "PACKETSTORM",
        "id": "153811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "id": "VAR-201903-0388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-22T21:51:03.499000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1730-1] libssh2 security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
      },
      {
        "title": "DSA-4431",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2019/dsa-4431"
      },
      {
        "title": "FEDORA-2019-f31c14682f",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
      },
      {
        "title": "Possible integer overflow in transport read allows out-of-bounds write",
        "trust": 0.8,
        "url": "https://www.libssh2.org/CVE-2019-3855.html"
      },
      {
        "title": "NTAP-20190327-0005",
        "trust": 0.8,
        "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
      },
      {
        "title": "Bug 1687303",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
      },
      {
        "title": "RHSA-2019:0679",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2019:0679"
      },
      {
        "title": "libssh2 Fixes for digital error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90196"
      },
      {
        "title": "Red Hat: Important: libssh2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191652 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: libssh2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191791 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: libssh2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192399 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: libssh2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190679 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: libssh2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191943 - Security Advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-13115",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae8ca9a607a0d36a41864075e4d1739"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-3855"
      },
      {
        "title": "Red Hat: Important: virt:rhel security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191175 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1254",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1254"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1199",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1199"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=90ea192442f00a544f31c35e3585a0e6"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=00191547a456d0cf5c7b101c1774a050"
      },
      {
        "title": "Debian Security Advisories: DSA-4431-1 libssh2 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=32e9048e9588619b2dfacda6369a23ee"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55b92934c6d6315aa40e8be4ce2a8bf4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerabiliies in libssh2 affect PowerKVM",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6e0e5e527a9204c06a52ef667608c6e8"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201903-13] libssh2: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-13"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=b76ca4c2e9a0948d77d969fddc7b121b"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=767e8ff3a913d6c9b177c63c24420933"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
      },
      {
        "title": "Fortinet Security Advisories: libssh2 integer overflow and out of bounds read/write vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-099"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1519a5f830589c3bab8a20f4163374ae"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "TrivyWeb",
        "trust": 0.1,
        "url": "https://github.com/KorayAgaya/TrivyWeb "
      },
      {
        "title": "github_aquasecurity_trivy",
        "trust": 0.1,
        "url": "https://github.com/back8/github_aquasecurity_trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/simiyo/trivy "
      },
      {
        "title": "security",
        "trust": 0.1,
        "url": "https://github.com/umahari/security "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Mohzeela/external-secret "
      },
      {
        "title": "Vulnerability-Scanner-for-Containers",
        "trust": 0.1,
        "url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/siddharthraopotukuchi/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/aquasecurity/trivy "
      },
      {
        "title": "trivy",
        "trust": 0.1,
        "url": "https://github.com/knqyf263/trivy "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xT11/CVE-POC "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/PoC-in-GitHub "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/PoC-in-GitHub "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://packetstormsecurity.com/files/152136/slackware-security-advisory-libssh2-updates.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/107485"
      },
      {
        "trust": 2.4,
        "url": "https://www.debian.org/security/2019/dsa-4431"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:0679"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:1652"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:1791"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:1943"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2019:2399"
      },
      {
        "trust": 1.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3855"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/mar/25"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/apr/25"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/bugtraq/2019/sep/49"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht210609"
      },
      {
        "trust": 1.8,
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2019/sep/42"
      },
      {
        "trust": 1.8,
        "url": "https://www.libssh2.org/cve-2019-3855.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1175"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3855\\"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://fortiguard.com/psirt/fg-ir-19-099"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115655"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115643"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1115649"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6520674"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libssh2-multiple-vulnerabilities-28768"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77838"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1120209"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210609"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1116357"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4226/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1170634"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79010"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4341/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77478"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77406"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3856"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3857"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3863"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-3863"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-3857"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-3856"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-3855"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/190.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/korayagaya/trivyweb"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "PACKETSTORM",
        "id": "153510"
      },
      {
        "db": "PACKETSTORM",
        "id": "152282"
      },
      {
        "db": "PACKETSTORM",
        "id": "153969"
      },
      {
        "db": "PACKETSTORM",
        "id": "153654"
      },
      {
        "db": "PACKETSTORM",
        "id": "153811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "db": "PACKETSTORM",
        "id": "153510"
      },
      {
        "db": "PACKETSTORM",
        "id": "152282"
      },
      {
        "db": "PACKETSTORM",
        "id": "153969"
      },
      {
        "db": "PACKETSTORM",
        "id": "153654"
      },
      {
        "db": "PACKETSTORM",
        "id": "153811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "date": "2019-03-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "date": "2019-07-02T14:08:10",
        "db": "PACKETSTORM",
        "id": "153510"
      },
      {
        "date": "2019-03-28T16:23:48",
        "db": "PACKETSTORM",
        "id": "152282"
      },
      {
        "date": "2019-08-07T20:10:33",
        "db": "PACKETSTORM",
        "id": "153969"
      },
      {
        "date": "2019-07-16T20:10:44",
        "db": "PACKETSTORM",
        "id": "153654"
      },
      {
        "date": "2019-07-30T18:13:57",
        "db": "PACKETSTORM",
        "id": "153811"
      },
      {
        "date": "2019-03-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "date": "2019-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "date": "2019-03-21T21:29:00.433000",
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155290"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3855"
      },
      {
        "date": "2021-12-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      },
      {
        "date": "2019-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      },
      {
        "date": "2024-11-21T04:42:43.427000",
        "db": "NVD",
        "id": "CVE-2019-3855"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "libssh2 Integer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002832"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-634"
      }
    ],
    "trust": 0.6
  }
}

