CVE-2019-3856

Summary

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Affected Software

VendorProductVersion RangeStatus
The libssh2 Projectlibssh21.8.1affected

Weaknesses

  • CWE-190: CWE-190
  • CWE-787: CWE-787

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References