CVE-2019-3863

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3863
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3863.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3863
Published
2019-03-25T18:29:01Z
Modified
2024-10-12T05:15:10.189626Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.

Affected packages

Alpine:v3.10 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.11 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.12 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.13 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.14 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.15 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.16 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.17 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.18 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.19 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.20 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Alpine:v3.9 / libssh2

Package

Name
libssh2
Purl
pkg:apk/alpine/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.1-r0

Affected versions

1.*

1.2.8-r0
1.2.9-r0
1.3.0-r0
1.4.0-r0
1.4.1-r0
1.4.2-r0
1.4.2-r1
1.4.3-r0
1.5.0-r0
1.6.0-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.8.0-r0
1.8.0-r1
1.8.0-r2
1.8.0-r3
1.8.0-r4

Debian:11 / libssh2

Package

Name
libssh2
Purl
pkg:deb/debian/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.0-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libssh2

Package

Name
libssh2
Purl
pkg:deb/debian/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.0-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libssh2

Package

Name
libssh2
Purl
pkg:deb/debian/libssh2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.8.0-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libssh2/libssh2

Affected ranges

Type
GIT
Repo
https://github.com/libssh2/libssh2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

RELEASE.*

RELEASE.0.1
RELEASE.0.10
RELEASE.0.11
RELEASE.0.12
RELEASE.0.13
RELEASE.0.14
RELEASE.0.15
RELEASE.0.16
RELEASE.0.17
RELEASE.0.18
RELEASE.0.3
RELEASE.0.5
RELEASE.0.6
RELEASE.0.7
RELEASE.0.8
RELEASE.1.0
RELEASE.1.1

beforenb-0.*

beforenb-0.14

beforenb2-0.*

beforenb2-0.14

libssh2-1.*

libssh2-1.2
libssh2-1.2.1
libssh2-1.2.2
libssh2-1.2.3
libssh2-1.2.4
libssh2-1.2.5
libssh2-1.2.6
libssh2-1.2.7
libssh2-1.2.8
libssh2-1.2.9
libssh2-1.3.0
libssh2-1.4.0
libssh2-1.4.1
libssh2-1.4.2
libssh2-1.4.3
libssh2-1.5.0
libssh2-1.6.0
libssh2-1.7.0
libssh2-1.8.0