MGASA-2019-0139

Source
https://advisories.mageia.org/MGASA-2019-0139.html
Import Source
https://advisories.mageia.org/MGASA-2019-0139.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2019-0139
Published
2019-04-10T21:25:19Z
Modified
2019-04-10T20:39:20Z
Summary
Updated libssh2 packages fix security vulnerability
Details

Possible integer overflow in transport read allows out-of-bounds write. (CVE-2019-3855)

Possible integer overflow in keyboard interactive handling allows out-of-bounds write. (CVE-2019-3856)

Possible integer overflow leading to zero-byte allocation and out-of-bounds write. (CVE-2019-3857)

Possible zero-byte allocation leading to an out-of-bounds read. (CVE-2019-3858)

Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev. (CVE-2019-3859)

Out-of-bounds reads with specially crafted SFTP packets. (CVE-2019-3860)

Out-of-bounds reads with specially crafted SSH packets. (CVE-2019-3861)

Out-of-bounds memory comparison. (CVE-2019-3862)

Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes. (CVE-2019-3863)


Affected packages

Mageia:6 / libssh2

Package

Name
libssh2
Purl
pkg:rpm/mageia/libssh2?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.0-2.1.mga6

Ecosystem specific

{
    "section": "core"
}