CVE-2019-3858

Source
https://cve.org/CVERecord?id=CVE-2019-3858
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3858.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3858
Downstream
Related
Published
2019-03-21T21:29:00.573Z
Modified
2026-02-17T00:22:53.097979Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
[none]
Details

An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.

References

Affected packages

Git / github.com/libgd/libgd

Affected ranges

Type
GIT
Repo
https://github.com/libgd/libgd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
GD_1_3_0
GD_1_4_0
GD_1_5_0
GD_1_6_0
GD_1_6_1
GD_1_6_2
GD_1_6_3
GD_1_7_0
GD_1_7_1
GD_1_7_2
GD_1_7_3
GD_1_8_0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3858.json"
vanir_signatures