An out-of-bounds read flaw was discovered in libssh2 before 1.8.1. It is triggered when the client receives a specially crafted SFTP packet from the server. A remote attacker who compromises an SSH server may be able to cause a denial of service or read data from the client's memory.
{ "vanir_signatures": [ { "target": { "file": "src/sftp.c", "function": "sftp_open" }, "digest": { "length": 4408.0, "function_hash": "130513997029550922359825906680064252000" }, "signature_version": "v1", "id": "CVE-2019-3858-0ca26948", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_readdir" }, "digest": { "length": 3539.0, "function_hash": "156870125600685460170868214097255513227" }, "signature_version": "v1", "id": "CVE-2019-3858-0e392e92", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_rmdir" }, "digest": { "length": 1909.0, "function_hash": "4909406955743338623248799753191051693" }, "signature_version": "v1", "id": "CVE-2019-3858-21c8b8e3", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/transport.c" }, "digest": { "line_hashes": [ "103640067018174600133330910359064061656", "251614726574061676586289990518126361186", "160074926891258545270335781273850368025", "175967038859953433788643658712700991614", "252300636862946662459037524291845680275", "205740744867692225602624986094250651221", "207624455288639164266962776785126235995", "163971524350525289386178785941670039263", "276536363861099461625239258560197416473", "97475082405096749075769309233547564320", "94068023891273845685731676384258751860", "37043339973854571182598270819587221390", "117693848582867079457949872677006588348" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2019-3858-2974ffb5", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Line", "deprecated": false }, { "target": { "file": 
"src/sftp.c", "function": "sftp_mkdir" }, "digest": { "length": 2156.0, "function_hash": "316978795291479301498767208600174571070" }, "signature_version": "v1", "id": "CVE-2019-3858-2be55118", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_init" }, "digest": { "length": 4523.0, "function_hash": "247608176950622540586523868616884867221" }, "signature_version": "v1", "id": "CVE-2019-3858-3ad1de42", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/packet.c" }, "digest": { "line_hashes": [ "199396428921383754567904753674561677405", "31270133804357931177586560687876822135", "323494851822450658344732192105776836261", "142904498334225816359222279156429574219", "169213715357542628219828394899215327742", "246723504391855212743667096651081259770", "219723528149573161056324137910968385847", "99693739572536478413343126564542209099", "16230607100086614390618655014737886935", "28864690644433868393505781328262715087", "283415771086431288375148369345601439353", "214993028641586205385716756194042343297", "30674174382679724740545357973292301528", "291367533649477489803520153245601884780", "13527362274155811114909863399079036034", "337874180370048735146254978566702197608", "73397564045854670126237563937225855875", "124804228161260961836001165961206847102", "320614444515314617417442576224728719669", "133936557929027914058817960718498019923", "262097959832462143885816594370464631676", "203691769679753352705204953988371625577", "243194598704361328605250134210260591689", "326831759020577706739183718505705905050", "71871589318446607018536788288997050415", "253954920303967547017471681273447093624", "170568547844691926401536349425002763636", "187090474249837812343676850997532421230" ], "threshold": 0.9 }, 
"signature_version": "v1", "id": "CVE-2019-3858-425b2318", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Line", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_packet_read" }, "digest": { "length": 2605.0, "function_hash": "29007860238940795080508963162592432190" }, "signature_version": "v1", "id": "CVE-2019-3858-46137bf3", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_stat" }, "digest": { "length": 2584.0, "function_hash": "254966901820516394836965153946132231984" }, "signature_version": "v1", "id": "CVE-2019-3858-4ecb9954", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_rename" }, "digest": { "length": 2773.0, "function_hash": "249582709169939548119986391714566587458" }, "signature_version": "v1", "id": "CVE-2019-3858-57e9cb40", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_packet_require" }, "digest": { "length": 755.0, "function_hash": "223967078130286108809695263676424007701" }, "signature_version": "v1", "id": "CVE-2019-3858-59a9cc8e", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_statvfs" }, "digest": { "length": 3022.0, "function_hash": "193066954364750455190143169852470119048" }, "signature_version": "v1", "id": "CVE-2019-3858-640fa543", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", 
"signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_fstat" }, "digest": { "length": 2297.0, "function_hash": "87552939035090404817081513900749527780" }, "signature_version": "v1", "id": "CVE-2019-3858-6a03a4b9", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_fstatvfs" }, "digest": { "length": 3007.0, "function_hash": "154740709970448259212685139117790334031" }, "signature_version": "v1", "id": "CVE-2019-3858-783199a0", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_fsync" }, "digest": { "length": 1911.0, "function_hash": "70978722542747169381628534237088897245" }, "signature_version": "v1", "id": "CVE-2019-3858-7da31b87", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/comp.c", "function": "comp_method_zlib_decomp" }, "digest": { "length": 1654.0, "function_hash": "208535582750504528373704712557279675537" }, "signature_version": "v1", "id": "CVE-2019-3858-9673ff73", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_unlink" }, "digest": { "length": 1920.0, "function_hash": "238207622479120586066667974561029709217" }, "signature_version": "v1", "id": "CVE-2019-3858-97f35798", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_read" }, "digest": { "length": 4981.0, "function_hash": 
"124395554584902358064113245536469288122" }, "signature_version": "v1", "id": "CVE-2019-3858-9fe2ce69", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/packet.c", "function": "_libssh2_packet_add" }, "digest": { "length": 11818.0, "function_hash": "139263013769379301112963821642518252508" }, "signature_version": "v1", "id": "CVE-2019-3858-a66e6b6f", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_close_handle" }, "digest": { "length": 2400.0, "function_hash": "66510952666634007487595159615921400704" }, "signature_version": "v1", "id": "CVE-2019-3858-a730579c", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/transport.c", "function": "_libssh2_transport_read" }, "digest": { "length": 4342.0, "function_hash": "86799271662232441093211086418938079874" }, "signature_version": "v1", "id": "CVE-2019-3858-acd172be", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_write" }, "digest": { "length": 2761.0, "function_hash": "140906860977583506650338755207525446836" }, "signature_version": "v1", "id": "CVE-2019-3858-b1dd8ea0", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/comp.c" }, "digest": { "line_hashes": [ "138738530997871058217324760481727426837", "107696138087189122395259564886294388409", "112290794496393128758852903264868162876", "52809053727959276374355721959295612802", 
"12770254551893424450503600189042573183", "45617965563845038229481539466585268405", "215001412866021085991442586565829484801", "235590017375331229929012890388037113137" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2019-3858-b7f606b3", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Line", "deprecated": false }, { "target": { "file": "src/sftp.c" }, "digest": { "line_hashes": [ "65971095931925607474165134484707703870", "222723814939289348153355218146051798198", "113480671933772311259999772610030569336", "19695196832547598462457606834888635615", "127049609747369336629182122475223020099", "12470525589096534373276772728943659418", "32155044467733481342404278069036594458", "137779044843821191784305731216222529813", "35747479322450766103434935566647633406", "264759112087557798261983845359922580641", "124088991803049945995184704852618995659", "69805208474528674640255646942333298757", "39601999874935426976778124523015805251", "57580518838138542592417823173772120049", "186690662476264171509820097736854606281", "338722790218394493408045181185693330324", "31318634649267370158387018395801710174", "95863922084561089809966480355738672597", "58562536153111486358663849161738575391", "257586373076696049531271256992484549527", "31318634649267370158387018395801710174", "277941692672437854805067903895533117024", "930195365551914465066024542022810991", "61520882827881812082931468515474380345", "124281258548907136504826399210771877949", "155501579177461536138581566675440960402", "186607624919055905161998020334857839241", "47681059168272189731028481248166910692", "215514296480026391178757771523218541956", "88090310640409556215378225968635983611", "282858968097619018335710218937956472745", "206723659974232298975308156384218492425", "62643511169649774551098817898864425199", "90588068352132509662273725952670578185", "5949032184103962164393255491741662758", "267358470374560428876951903194556027302", 
"153569500645276666280424855998876298522", "308768677104799613741566934932725626192", "155730129718991520697083261850045961201", "91042509781940371706750289238285346291", "27799944137411759435370625571730748854", "256161885760382376840634742225089632239", "262936591145080649541521842326296296120", "168851920835715716094680876322044398117", "275637493478533621538051109460065311802", "230638497528559349553204731718158904924", "113678694170965915210742920031675088874", "40465521627419482603241296577906043282", "63974396562076364004410605472592576352", "61451944515453976870439667744169564234", "180215300447983459927482916705205222939", "9266068043088845311367125596569259713", "71419377436793728620258786506371560031", "145210085632340086396633827167546162936", "47807591203379758147825292113223787016", "111998017294301633208648524004364157841", "258785824145221317512203237360247127886", "211961257851835882353516745411066373895", "114392684302371829813918826047439646487", "63516389893263173839425079822194386402", "44995087142340885320955708510142028317", "315785706471591786547760636496876835558", "281287673267630434740913578343761857834", "82055086117350736593464579596242579390", "240697114719864734704130356037410003492", "25980792220443664312812863780509491933", "309375271014376797390582696640938854802", "267194618946616474740169495452809792277", "278271064226926070568271101273169969544", "8355910987929864717976471771471060091", "327462548944843076303582838559055658150", "294256946859065932751589814290439689937", "185313271949990824169815147014670785682", "53475186571127548974763691221223138970", "337563969164289193366204957787591802359", "92644892202845676742578405296835828825", "86087153852978759774299934062152989962", "112964276935553004836376032254016672688", "289579509164681042336399307119694177534", "298033822111783483321705680237256265678", "209162555698799178220780671810814560572", "13689337585668230087589507524772507124", 
"75362359045000927892893310693532857619", "78804669067230340826741349486387747146", "261623767361555437110036042798504602926", "103134360100103820481559057987273522738", "50384679293043126667677926233974939327", "229668762245312120457285614608594240879", "165754131809779153140883632498189461641", "193034515654885850997808592801924841630", "335591587411946502325695806052608880345", "52281048307288099264109015654793140510", "44205016054515026345581986368518233972", "39841262345021971125844634990927640977", "232718353402101803513266714102983644072", "168798127306700442159352040865028449896", "128239354073677256529295492671255772437", "252565854097638444761537694175149212092", "72395714320895708330889239108283513575", "122302543619529130893031948749102209273", "95841681264838622280224943970048938054", "324685089401091111393322302699745158459", "178707709333783344491235177861913131455", "295983542749776270534596316135177109219", "29854098181896915129826445024171510731", "337549952105635249669764912428209516193", "55266472864524757707705108776494277414", "79356641381436487603846310142759879643", "34792662147523098743641077256885522470", "93461199567666421290296820833655260890", "298621117493045171771395055030238789388", "69848770615224363219844122459323722609", "35921323436327693860879660953410172195", "82564147952529436183823380744155964769", "11858037141856020586467799175878458608", "335009752433316231962913636175368933142", "239365244743271890997198862873294469238", "330219164155508602015846383834294347152", "29586653335739588545945019563268098986", "48013272687762206755489564924592530729", "284543039639426751679002065098106022213", "200438280933182403304629807783836713122", "257202731296099122138381793481315861782", "241271294108767055642727677604659391630", "267885774582818383503282869863045070932", "34441547194473610201163048245293020542", "229448937312690753453483851599264381932", "100195684414310996402914543955609069823", "8605136978013357756025765119857267745", 
"249435438705802222905355549201951325819", "181152445570287677124124990101939343845", "335792651507686945617272029432643296012", "32802119658179107979174637314732177078", "312926963816273394802981816116845581862", "103030351090938202301754232920473257916", "324790573564236878299053896704383402611", "333527735370601391781275787584413733631", "320384936982751123847438764316116953848", "251951326985529864956843125396668566696", "68330753670659192255694925297889863963", "61786365292793417296096874403737634813", "286470647739747073742467474246217568694", "142216805141072893913524675812838378923", "48988159106810550940032179867644065778", "290440625174490493531749932745669754405", "224616978884452045617453603718386650868", "55544229816361082848277849865020565203", "82693726025499378285847793081683433160", "288609726654228990926199491382998811482", "268875361056801277377869759652344798556", "333527735370601391781275787584413733631", "104860605808974076465809389005223186298", "51538934081336964157461772117271611281", "51017454342430543419503018118769891394", "26318238546097311212082765259642192583", "154843417833589417577055145332299757133", "253211409990975367809086894924569379890", "79625918431933636717345291440747130492", "183572491089278745947131740599860704786", "135309236174200592466520246653642658054", "105361015126032660211071059373026847209", "87578362019669109801966768192408966505", "227543258507976190481950008223679214826", "328586714866202099419917549760057778940", "79625918431933636717345291440747130492", "25302490782050586745203522004483747970", "24903589728618869564855089009837533522", "289921611383971045717345298168855529303", "283390309832871614962769806139433723827", "54560776545286361784950090303914848633", "302252221570731585287640313191875333916", "79625918431933636717345291440747130492", "297215847698455143965816521190004531801", "282737104716336697088580419529099096210", "254565416488565427064818775725351866745", 
"231065676751345376281102256010984817035", "68984405426815457249298147373349203119", "291365839665883361548384776738004842727", "238651297682930144651966495022134699791", "174800485988229659875224033552284296567", "198234272447601820668374162789938227624", "322799026089645498443822212709176295369", "710674258222870202709518609147075289", "164814568105973671659204681195078440816", "125524353926834576058499224351393324674", "234807091231144583136364698532677977768", "103068025833541066735574443881785806140", "253238820049730472494259852459688219340", "266528477362298232042453899676309248769", "292337139153980869680215941573780055061", "296898326922424954932700838967752867397", "32802119658179107979174637314732177078", "298708163951692866016080190435144709292", "132673035362168830908785363969255425940", "248089546207792900547541375589979958770", "34792662147523098743641077256885522470", "255237575265875068672146120583307373998", "189648308884693257036150127320802169210", "199788790621018672579779240874188173145", "61966220155080096774444514593258776927", "267583222670584456445189804748637348059" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2019-3858-c37c10bd", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Line", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_packet_add" }, "digest": { "length": 1579.0, "function_hash": "320106694470257626261390603374947973232" }, "signature_version": "v1", "id": "CVE-2019-3858-cf460c89", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_bin2attr" }, "digest": { "length": 732.0, "function_hash": "172731995241483846760821216506079248173" }, "signature_version": "v1", "id": "CVE-2019-3858-d33f0c92", "source": 
"https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_packet_requirev" }, "digest": { "length": 970.0, "function_hash": "301312821367067488469848435822307916452" }, "signature_version": "v1", "id": "CVE-2019-3858-dfa5cee2", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "src/sftp.c", "function": "sftp_symlink" }, "digest": { "length": 3195.0, "function_hash": "221544842930002450920983577552015030504" }, "signature_version": "v1", "id": "CVE-2019-3858-f3db2fbf", "source": "https://github.com/libssh2/libssh2/commit/f15b1e297f72882214988101ccdc5e6ad30d7e6e", "signature_type": "Function", "deprecated": false } ] }