Vulnerability CVE-2019-3863


Published: 2019-03-25

Description:
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.

Type:

CWE-787

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Redhat
Product: Enterprise linux server tus 
Version: 7.6;
Product: Enterprise linux server eus 
Version: 7.6;
Product: Enterprise linux server aus 
Version: 7.6;
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Vendor: Opensuse
Product: LEAP 
Version: 42.3; 15.0;
Vendor: Libssh2
Product: Libssh2 
Version:
1.8.0
1.7.0
1.6.0
1.5.0
1.4.3
1.4.2
1.4.1
1.4.0
1.3.0
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2
1.1
1.0
0.8
0.7
0.6
0.5
0.3
0.18
0.17
0.16
0.15
0.14
0.13
0.12
0.11
0.10
Vendor: Netapp
Product: Ontap select deploy administration utility 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
https://access.redhat.com/errata/RHSA-2019:0679
https://access.redhat.com/errata/RHSA-2019:1175
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863
https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/
https://seclists.org/bugtraq/2019/Apr/25
https://security.netapp.com/advisory/ntap-20190327-0005/
https://www.debian.org/security/2019/dsa-4431
https://www.libssh2.org/CVE-2019-3863.html


Copyright 2019, cxsecurity.com
