CVE-2019-3862

Summary

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Affected Software

VendorProductVersion RangeStatus
The libssh2 Projectlibssh21.8.1affected

Weaknesses

  • CWE-130: CWE-130

ADP Enrichment

CVE Program Container

Additional References

References