CVE-2019-3863

Sažetak

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

Reference

https://www.libssh2.org/CVE-2019-3863.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://security.netapp.com/advisory/ntap-20190327-0005/
https://access.redhat.com/errata/RHSA-2019:0679
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
https://www.debian.org/security/2019/dsa-4431
https://seclists.org/bugtraq/2019/Apr/25
https://access.redhat.com/errata/RHSA-2019:1175
https://access.redhat.com/errata/RHSA-2019:1652
https://access.redhat.com/errata/RHSA-2019:1791
https://access.redhat.com/errata/RHSA-2019:1943
https://access.redhat.com/errata/RHSA-2019:2399
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 03:10

Objavljeno

25-03-2019 - 18:29