Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
36 vulnerabilities found for libssh2 by libssh2
CVE-2025-15661 (GCVE-0-2025-15661)
Vulnerability from cvelistv5 – Published: 2026-06-18 20:18 – Updated: 2026-06-18 20:19 X_Open Source
VLAI
Title
libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
Summary
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/libssh2/libssh2/pull/1705 | technical-description |
| https://github.com/libssh2/libssh2/pull/1717 | issue-tracking |
| https://github.com/libssh2/libssh2/commit/2dae302… | patch |
| https://www.vulncheck.com/advisories/libssh2-heap… | third-party-advisory |
Impacted products
Date Public
2025-10-06 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libssh2",
"repo": "https://github.com/libssh2/libssh2",
"vendor": "libssh2",
"versions": [
{
"lessThanOrEqual": "1.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2dae3024897e1898d389835151f4e9606227721d",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers"
},
{
"lang": "en",
"type": "reporter",
"value": "Tristan Madani (@TristanInSec)"
}
],
"datePublic": "2025-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T20:19:34.109Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Pull Request",
"tags": [
"technical-description"
],
"url": "https://github.com/libssh2/libssh2/pull/1705"
},
{
"name": "Maintainer Pull Request",
"tags": [
"issue-tracking"
],
"url": "https://github.com/libssh2/libssh2/pull/1717"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/2dae3024897e1898d389835151f4e9606227721d"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/libssh2-heap-buffer-over-read-via-sftp-symlink-in-sftp-c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-15661",
"datePublished": "2026-06-18T20:18:29.475Z",
"dateReserved": "2026-06-18T20:12:38.095Z",
"dateUpdated": "2026-06-18T20:19:34.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55200 (GCVE-0-2026-55200)
Vulnerability from cvelistv5 – Published: 2026-06-17 19:03 – Updated: 2026-06-18 11:46 X_Open Source
VLAI
Title
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
Summary
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libssh2/libssh2/pull/2052 | issue-tracking |
| https://github.com/libssh2/libssh2/commit/97acf3d… | patch |
| https://www.vulncheck.com/advisories/libssh2-out-… | third-party-advisory |
Impacted products
Date Public
2026-06-12 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T03:57:48.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libssh2",
"repo": "https://github.com/libssh2/libssh2",
"vendor": "libssh2",
"versions": [
{
"lessThanOrEqual": "1.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7acf3dfda80c91c3a8c9f2372546301d4a1a7a8",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec)"
}
],
"datePublic": "2026-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T11:46:01.897Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Pull Request",
"tags": [
"issue-tracking"
],
"url": "https://github.com/libssh2/libssh2/pull/2052"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c"
}
],
"tags": [
"x_open-source"
],
"title": "libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-55200",
"datePublished": "2026-06-17T19:03:15.183Z",
"dateReserved": "2026-06-16T15:53:37.764Z",
"dateUpdated": "2026-06-18T11:46:01.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55199 (GCVE-0-2026-55199)
Vulnerability from cvelistv5 – Published: 2026-06-17 18:44 – Updated: 2026-06-18 15:31 X_Open Source
VLAI
Title
libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
Summary
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libssh2/libssh2/pull/1864 | issue-tracking |
| https://github.com/libssh2/libssh2/commit/1762685… | patch |
| https://www.vulncheck.com/advisories/libssh2-pre-… | third-party-advisory |
Impacted products
Date Public
2026-04-15 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T15:31:38.712448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T15:31:59.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libssh2",
"repo": "https://github.com/libssh2/libssh2",
"vendor": "libssh2",
"versions": [
{
"lessThanOrEqual": "1.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "17626857d20b3c9a1addfa45979dadcee1cd84a4",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec)"
}
],
"datePublic": "2026-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T11:45:37.547Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Pull Request",
"tags": [
"issue-tracking"
],
"url": "https://github.com/libssh2/libssh2/pull/1864"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg-ext-info-handler"
}
],
"tags": [
"x_open-source"
],
"title": "libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-55199",
"datePublished": "2026-06-17T18:44:18.048Z",
"dateReserved": "2026-06-16T15:53:37.764Z",
"dateUpdated": "2026-06-18T15:31:59.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7598 (GCVE-0-2026-7598)
Vulnerability from cvelistv5 – Published: 2026-05-01 21:30 – Updated: 2026-05-04 13:31 X_Open Source
VLAI
Title
libssh2 userauth.c userauth_password integer overflow
Summary
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360555 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360555/cti | signaturepermissions-required |
| https://vuldb.com/submit/805564 | third-party-advisory |
| https://github.com/libssh2/libssh2/pull/1858 | issue-trackingpatch |
| https://github.com/libssh2/libssh2/commit/256d04b… | patch |
| https://github.com/libssh2/libssh2/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:31:33.083934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:31:37.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/805564"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"
],
"product": "libssh2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.11.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dapickle (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-189",
"description": "Numeric Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T21:30:11.006Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360555 | libssh2 userauth.c userauth_password integer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360555"
},
{
"name": "VDB-360555 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360555/cti"
},
{
"name": "Submit #805564 | libssh2 \u003c= 1.11.1 Integer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/805564"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/libssh2/libssh2/pull/1858"
},
{
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1"
},
{
"tags": [
"product"
],
"url": "https://github.com/libssh2/libssh2/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-01T12:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "libssh2 userauth.c userauth_password integer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7598",
"datePublished": "2026-05-01T21:30:11.006Z",
"dateReserved": "2026-05-01T10:45:11.583Z",
"dateUpdated": "2026-05-04T13:31:37.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from cvelistv5 – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02
VLAI
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
139 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:05:21.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:01:05.519910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:45:57.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:02:25.905Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2026-05-12T11:02:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-22218 (GCVE-0-2020-22218)
Vulnerability from cvelistv5 – Published: 2023-08-22 00:00 – Updated: 2024-10-03 18:09
VLAI
Summary
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/476"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-22218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:09:15.416860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:09:37.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T14:06:28.672Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/pull/476"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22218",
"datePublished": "2023-08-22T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-03T18:09:37.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17498 (GCVE-0-2019-17498)
Vulnerability from cvelistv5 – Published: 2019-10-21 00:00 – Updated: 2024-08-05 01:40
VLAI
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T13:06:20.499Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17498",
"datePublished": "2019-10-21T00:00:00.000Z",
"dateReserved": "2019-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:15.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13115 (GCVE-0-2019-13115)
Vulnerability from cvelistv5 – Published: 2019-07-16 00:00 – Updated: 2024-08-04 23:41
VLAI
Summary
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/350"
},
{
"tags": [
"x_transferred"
],
"url": "https://libssh2.org/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.semmle.com/libssh2-integer-overflow/"
},
{
"name": "[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K13322484"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K13322484?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T13:06:24.201Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/pull/350"
},
{
"url": "https://libssh2.org/changes.html"
},
{
"url": "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa"
},
{
"url": "https://blog.semmle.com/libssh2-integer-overflow/"
},
{
"name": "[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190806-0002/"
},
{
"url": "https://support.f5.com/csp/article/K13322484"
},
{
"url": "https://support.f5.com/csp/article/K13322484?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"url": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13115",
"datePublished": "2019-07-16T00:00:00.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3856 (GCVE-0-2019-3856)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:31 – Updated: 2025-04-23 19:48
VLAI
Summary
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:36.981205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:00.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3856.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3856",
"datePublished": "2019-03-25T18:31:03.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:48:00.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3857 (GCVE-0-2019-3857)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:30 – Updated: 2025-04-23 19:48
VLAI
Summary
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:40.532184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:11.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"name": "https://www.libssh2.org/CVE-2019-3857.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3857",
"datePublished": "2019-03-25T18:30:56.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:48:11.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3860 (GCVE-0-2019-3860)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:30 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.libssh2.org/CVE-2019-3860.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019032… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2019/dsa-4431 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Apr/25 | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3860.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3860",
"datePublished": "2019-03-25T18:30:50.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3861 (GCVE-0-2019-3861)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:30 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.libssh2.org/CVE-2019-3861.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019032… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2019/dsa-4431 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Apr/25 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2019:2136 | vendor-advisoryx_refsource_REDHAT |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3861.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3861",
"datePublished": "2019-03-25T18:30:43.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3863 (GCVE-0-2019-3863)
Vulnerability from cvelistv5 – Published: 2019-03-25 17:52 – Updated: 2025-12-19 03:02
VLAI
Summary
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:45.609039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:19.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T03:02:32.466Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"name": "https://www.libssh2.org/CVE-2019-3863.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3863",
"datePublished": "2019-03-25T17:52:10.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-12-19T03:02:32.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3858 (GCVE-0-2019-3858)
Vulnerability from cvelistv5 – Published: 2019-03-21 20:22 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"name": "https://www.libssh2.org/CVE-2019-3858.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3858",
"datePublished": "2019-03-21T20:22:47.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3855 (GCVE-0-2019-3855)
Vulnerability from cvelistv5 – Published: 2019-03-21 20:13 – Updated: 2025-12-17 21:40
VLAI
Summary
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
27 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:39:23.503426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:40:11.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://www.libssh2.org/CVE-2019-3855.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://support.apple.com/kb/HT210609",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3855",
"datePublished": "2019-03-21T20:13:25.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:40:11.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3862 (GCVE-0-2019-3862)
Vulnerability from cvelistv5 – Published: 2019-03-20 21:39 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
7.3 (High)
CWE
Assigner
References
18 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T19:15:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://www.libssh2.org/CVE-2019-3862.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3862",
"datePublished": "2019-03-20T21:39:52.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-7598 (GCVE-0-2026-7598)
Vulnerability from nvd – Published: 2026-05-01 21:30 – Updated: 2026-05-04 13:31 X_Open Source
VLAI
Title
libssh2 userauth.c userauth_password integer overflow
Summary
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360555 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360555/cti | signaturepermissions-required |
| https://vuldb.com/submit/805564 | third-party-advisory |
| https://github.com/libssh2/libssh2/pull/1858 | issue-trackingpatch |
| https://github.com/libssh2/libssh2/commit/256d04b… | patch |
| https://github.com/libssh2/libssh2/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:31:33.083934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:31:37.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/805564"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"
],
"product": "libssh2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.11.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dapickle (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-189",
"description": "Numeric Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T21:30:11.006Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360555 | libssh2 userauth.c userauth_password integer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360555"
},
{
"name": "VDB-360555 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360555/cti"
},
{
"name": "Submit #805564 | libssh2 \u003c= 1.11.1 Integer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/805564"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/libssh2/libssh2/pull/1858"
},
{
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1"
},
{
"tags": [
"product"
],
"url": "https://github.com/libssh2/libssh2/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-01T12:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "libssh2 userauth.c userauth_password integer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7598",
"datePublished": "2026-05-01T21:30:11.006Z",
"dateReserved": "2026-05-01T10:45:11.583Z",
"dateUpdated": "2026-05-04T13:31:37.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from nvd – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02
VLAI
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
139 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:05:21.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:01:05.519910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:45:57.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:02:25.905Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2026-05-12T11:02:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-22218 (GCVE-0-2020-22218)
Vulnerability from nvd – Published: 2023-08-22 00:00 – Updated: 2024-10-03 18:09
VLAI
Summary
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/476"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-22218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:09:15.416860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:09:37.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T14:06:28.672Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/pull/476"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22218",
"datePublished": "2023-08-22T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-03T18:09:37.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17498 (GCVE-0-2019-17498)
Vulnerability from nvd – Published: 2019-10-21 00:00 – Updated: 2024-08-05 01:40
VLAI
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T13:06:20.499Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480"
},
{
"url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
},
{
"url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498"
},
{
"name": "FEDORA-2019-91529f19e4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
},
{
"name": "openSUSE-SU-2019:2483",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html"
},
{
"name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html"
},
{
"name": "FEDORA-2019-ec04c34768",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/"
},
{
"url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17498",
"datePublished": "2019-10-21T00:00:00.000Z",
"dateReserved": "2019-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:40:15.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13115 (GCVE-0-2019-13115)
Vulnerability from nvd – Published: 2019-07-16 00:00 – Updated: 2024-08-04 23:41
VLAI
Summary
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/350"
},
{
"tags": [
"x_transferred"
],
"url": "https://libssh2.org/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.semmle.com/libssh2-integer-overflow/"
},
{
"name": "[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K13322484"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K13322484?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T13:06:24.201Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libssh2/libssh2/pull/350"
},
{
"url": "https://libssh2.org/changes.html"
},
{
"url": "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa"
},
{
"url": "https://blog.semmle.com/libssh2-integer-overflow/"
},
{
"name": "[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190806-0002/"
},
{
"url": "https://support.f5.com/csp/article/K13322484"
},
{
"url": "https://support.f5.com/csp/article/K13322484?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"url": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html"
},
{
"name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13115",
"datePublished": "2019-07-16T00:00:00.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3856 (GCVE-0-2019-3856)
Vulnerability from nvd – Published: 2019-03-25 18:31 – Updated: 2025-04-23 19:48
VLAI
Summary
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:36.981205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:00.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3856.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3856.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3856",
"datePublished": "2019-03-25T18:31:03.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:48:00.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3857 (GCVE-0-2019-3857)
Vulnerability from nvd – Published: 2019-03-25 18:30 – Updated: 2025-04-23 19:48
VLAI
Summary
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:40.532184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:11.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857"
},
{
"name": "https://www.libssh2.org/CVE-2019-3857.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3857",
"datePublished": "2019-03-25T18:30:56.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:48:11.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3860 (GCVE-0-2019-3860)
Vulnerability from nvd – Published: 2019-03-25 18:30 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.libssh2.org/CVE-2019-3860.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019032… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2019/dsa-4431 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Apr/25 | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3860.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3860.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "openSUSE-SU-2019:1640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html"
},
{
"name": "[debian-lts-announce] 20190730 [SECURITY] [DLA 1730-4] libssh2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3860",
"datePublished": "2019-03-25T18:30:50.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3861 (GCVE-0-2019-3861)
Vulnerability from nvd – Published: 2019-03-25 18:30 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.libssh2.org/CVE-2019-3861.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2019032… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2019/dsa-4431 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Apr/25 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2019:2136 | vendor-advisoryx_refsource_REDHAT |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.libssh2.org/CVE-2019-3861.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3861.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3861",
"datePublished": "2019-03-25T18:30:43.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3863 (GCVE-0-2019-3863)
Vulnerability from nvd – Published: 2019-03-25 17:52 – Updated: 2025-12-19 03:02
VLAI
Summary
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
16 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:45.609039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:48:19.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T03:02:32.466Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863"
},
{
"name": "https://www.libssh2.org/CVE-2019-3863.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3863",
"datePublished": "2019-03-25T17:52:10.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-12-19T03:02:32.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3858 (GCVE-0-2019-3858)
Vulnerability from nvd – Published: 2019-03-21 20:22 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
5 (Medium)
CWE
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.0/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858"
},
{
"name": "https://www.libssh2.org/CVE-2019-3858.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3858.html"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:2136",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2136"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3858",
"datePublished": "2019-03-21T20:22:47.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3855 (GCVE-0-2019-3855)
Vulnerability from nvd – Published: 2019-03-21 20:13 – Updated: 2025-12-17 21:40
VLAI
Summary
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
27 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:39:23.503426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:40:11.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-16T17:41:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://www.libssh2.org/CVE-2019-3855.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "RHSA-2019:0679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1175",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1175"
},
{
"name": "RHSA-2019:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1652"
},
{
"name": "RHSA-2019:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1791"
},
{
"name": "RHSA-2019:1943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1943"
},
{
"name": "FEDORA-2019-9d85600fc7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/"
},
{
"name": "FEDORA-2019-5885663621",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/"
},
{
"name": "RHSA-2019:2399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2399"
},
{
"name": "https://support.apple.com/kb/HT210609",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210609"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/49"
},
{
"name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/42"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3855",
"datePublished": "2019-03-21T20:13:25.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:40:11.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3862 (GCVE-0-2019-3862)
Vulnerability from nvd – Published: 2019-03-20 21:39 – Updated: 2024-08-04 19:19
VLAI
Summary
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Severity
7.3 (High)
CWE
Assigner
References
18 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The libssh2 Project | libssh2 |
Affected:
1.8.1
|
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libssh2",
"vendor": "The libssh2 Project",
"versions": [
{
"status": "affected",
"version": "1.8.1"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T19:15:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libssh2",
"version": {
"version_data": [
{
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "The libssh2 Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190318 [SECURITY ADVISORIES] libssh2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"name": "20190319 [slackware-security] libssh2 (SSA:2019-077-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/25"
},
{
"name": "https://www.libssh2.org/CVE-2019-3862.html",
"refsource": "MISC",
"url": "https://www.libssh2.org/CVE-2019-3862.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862"
},
{
"name": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html"
},
{
"name": "107485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107485"
},
{
"name": "FEDORA-2019-f31c14682f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"name": "openSUSE-SU-2019:1075",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1109",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"name": "FEDORA-2019-3348cb4934",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
},
{
"name": "DSA-4431",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/25"
},
{
"name": "RHSA-2019:1884",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1884"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3862",
"datePublished": "2019-03-20T21:39:52.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201903-0388
Vulnerability from variot - Updated: 2024-07-23 21:20An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-9-26-7 Xcode 11.0
Xcode 11.0 addresses the following:
IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson
ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team
otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
Installation note:
Xcode 11.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
-
The version after applying this update will be "11.0". 6) - i386, x86_64
-
Description:
The libssh2 packages provide a library that implements the SSH2 protocol. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: virt:rhel security update Advisory ID: RHSA-2019:1175-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1175 Issue date: 2019-05-14 CVE Names: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 CVE-2019-11091 =====================================================================
- Summary:
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
-
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
-
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
-
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
-
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) 1687303 - CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write 1687304 - CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write 1687305 - CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write 1687313 - CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes 1693101 - CVE-2018-20815 QEMU: device_tree: heap buffer overflow while loading device tree blob 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: SLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65.src.rpm hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.src.rpm libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.src.rpm libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.src.rpm libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.src.rpm libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.src.rpm libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.src.rpm libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.src.rpm libvirt-python-4.5.0-1.module+el8.0.0+3075+09be6b65.src.rpm nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.src.rpm netcf-0.2.8-10.module+el8.0.0+3075+09be6b65.src.rpm perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.src.rpm qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.src.rpm seabios-1.11.1-3.module+el8.0.0+3075+09be6b65.src.rpm sgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65.src.rpm supermin-5.1.19-8.module+el8.0.0+3075+09be6b65.src.rpm
aarch64: hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-benchmarking-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm libssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm libvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm libvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm libvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm lua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm nbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm netcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm perl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.aarch64.rpm python3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.aarch64.rpm qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm ruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm ruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm supermin-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm supermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm virt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm
noarch: SLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-bash-completion-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-inspect-icons-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-javadoc-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-man-pages-ja-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-man-pages-uk-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm libguestfs-tools-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm nbdkit-bash-completion-1.4.2-4.module+el8.0.0+3075+09be6b65.noarch.rpm seabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65.noarch.rpm seavgabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65.noarch.rpm sgabios-bin-0.20170427git-2.module+el8.0.0+3075+09be6b65.noarch.rpm
ppc64le: hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm libssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm libvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm libvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm libvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm lua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm nbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm netcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm perl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.ppc64le.rpm python3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.ppc64le.rpm qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm ruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm ruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm supermin-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm supermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm virt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm
s390x: hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm libssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm libvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm libvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm libvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm lua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm nbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm netcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm perl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm perl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm perl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm python3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm python3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.s390x.rpm python3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.s390x.rpm qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm ruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm ruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm supermin-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm supermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm virt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm
x86_64: hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm hivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm hivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-benchmarking-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm libguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm libssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm libssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm libssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm libvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm libvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm libvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm libvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm libvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm lua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm lua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-vddk-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm nbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm netcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm perl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.x86_64.rpm python3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.x86_64.rpm qemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-gluster-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-gluster-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm qemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm ruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm ruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm ruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm ruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm seabios-1.11.1-3.module+el8.0.0+3075+09be6b65.x86_64.rpm sgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65.x86_64.rpm supermin-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm supermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm supermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm supermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm virt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm virt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm virt-p2v-maker-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm virt-v2v-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm virt-v2v-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-12126 https://access.redhat.com/security/cve/CVE-2018-12127 https://access.redhat.com/security/cve/CVE-2018-12130 https://access.redhat.com/security/cve/CVE-2018-20815 https://access.redhat.com/security/cve/CVE-2019-3855 https://access.redhat.com/security/cve/CVE-2019-3856 https://access.redhat.com/security/cve/CVE-2019-3857 https://access.redhat.com/security/cve/CVE-2019-3863 https://access.redhat.com/security/cve/CVE-2019-11091 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNsFdNzjgjWX9erEAQjf/g/+IPQ7NKuK24reC2hW29G51Nno6oF2bwsO yNTBaVjP5U1cRHhDrvv3V+Pao8Pj4sB3BRJHYgO8KHMj1uJmP72AdAzaPPkJxoDh 42FOaNLkfQkguzreRN+ty+jHaVUumvuqf9HViVrJyvR+cfvV2tF8poGmKoWrEK5s rSOkvp3haP0HzwVN9wSnrlFGU/DrsLyg80+BuJb878ecSPRHiy/6ZuLd/nkO8fnO VKvDlTKEHAOwZWPmBTduGwOPe4J3fB+9chgK6ZcZpnh+lPSonkIfTXA1svbD8Un/ FsC3wxDdHA9wRkwZZquRgaAeDWwYtKe7nMWSiR6USTWAkh8gruf53eW6//A6999Q oI4wHzKQjJbYH9Pvc3AlQj+5nemvnfyBF/V0UijTHbRBxtJvnIsdro2bpgYsF3Mu JD6kMP7l5D51eQ3tNxDdeB49YNctPF0HuGbw7x0CojBhlQW7k10Ul3/LtqEu2Av4 TqAJP3ENBC1C7VT1zGUSfc8neNNQxJzV9Co08w61bNtd4fo29uv0fOvDy+1J+7CT fOzF2slJTOJ/cqwcaR8j/SjKSFUIrHBKEPYWfVybmKLJhfQCmUzWE7sHZJ+9jKkb LDT+GUF9+TE7CNkD95vBlgs8kG3R76ZG5NSxjI1GDOLNNuhqH3/RZh3KNE17ut/r M5otU3RxBZs= =634V -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4431-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq
Package : libssh2 CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Debian Bug : 924965
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.
For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1.
We recommend that you upgrade your libssh2 packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libssh2",
"scope": "lt",
"trust": 1.8,
"vendor": "libssh2",
"version": "1.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "28"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "29"
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "none"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "aus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "eus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "tus"
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Coulson of Canonical Ltd.,Slackware Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-3855",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-155290",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3855",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155290",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3855",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the \u0027_libssh2_transport_read()\u0027 function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-7 Xcode 11.0\n\nXcode 11.0 addresses the following:\n\nIDE SCM\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Multiple issues in libssh2\nDescription: Multiple issues were addressed by updating to version\n2.16. \nCVE-2019-3855: Chris Coulson\n\nld64\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Compiling code without proper input validation could lead to\narbitrary code execution with user privilege\nDescription: Multiple issues in ld64 in the Xcode toolchains were\naddressed by updating to version ld64-507.4. \nCVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team\n\notool\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\nCVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\n\nInstallation note:\n\nXcode 11.0 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"11.0\". 6) - i386, x86_64\n\n3. Description:\n\nThe libssh2 packages provide a library that implements the SSH2 protocol. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: virt:rhel security update\nAdvisory ID: RHSA-2019:1175-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1175\nIssue date: 2019-05-14\nCVE Names: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 \n CVE-2018-20815 CVE-2019-3855 CVE-2019-3856 \n CVE-2019-3857 CVE-2019-3863 CVE-2019-11091 \n=====================================================================\n\n1. Summary:\n\nAn update for the virt:rhel module is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nKernel-based Virtual Machine (KVM) offers a full virtualization solution\nfor Linux on numerous hardware platforms. The virt:rhel module contains\npackages which provide user-space components used to run virtual machines\nusing KVM. The packages also provide APIs for managing and interacting with\nthe virtualized systems. \n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes. \nBoth of these sub-operations write to a shared distributed processor\nstructure called the \u0027processor store buffer\u0027. As a result, an\nunprivileged attacker could use this flaw to read private data resident\nwithin the CPU\u0027s processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPU\u2019s pipelines. Stale load operations\nresults are stored in the \u0027load port\u0027 table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)\n1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)\n1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)\n1687303 - CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write\n1687304 - CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write\n1687305 - CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write\n1687313 - CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes\n1693101 - CVE-2018-20815 QEMU: device_tree: heap buffer overflow while loading device tree blob\n1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nSLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65.src.rpm\nhivex-1.3.15-6.module+el8.0.0+3075+09be6b65.src.rpm\nlibguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.src.rpm\nlibguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.src.rpm\nlibiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.src.rpm\nlibssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.src.rpm\nlibvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.src.rpm\nlibvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.src.rpm\nlibvirt-python-4.5.0-1.module+el8.0.0+3075+09be6b65.src.rpm\nnbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.src.rpm\nnetcf-0.2.8-10.module+el8.0.0+3075+09be6b65.src.rpm\nperl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.src.rpm\nqemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.src.rpm\nseabios-1.11.1-3.module+el8.0.0+3075+09be6b65.src.rpm\nsgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65.src.rpm\nsupermin-5.1.19-8.module+el8.0.0+3075+09be6b65.src.rpm\n\naarch64:\nhivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nhivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nhivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nhivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-benchmarking-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm\nlibssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm\nlibssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.aarch64.rpm\nlibvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlibvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlibvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.aarch64.rpm\nlua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nlua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nnetcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nperl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.aarch64.rpm\npython3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.aarch64.rpm\nqemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nqemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.aarch64.rpm\nruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.aarch64.rpm\nruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nsupermin-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm\nsupermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm\nsupermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm\nsupermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.aarch64.rpm\nvirt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\nvirt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.aarch64.rpm\n\nnoarch:\nSLOF-20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-bash-completion-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-inspect-icons-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-javadoc-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-man-pages-ja-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-man-pages-uk-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nlibguestfs-tools-1.38.4-10.module+el8.0.0+3075+09be6b65.noarch.rpm\nnbdkit-bash-completion-1.4.2-4.module+el8.0.0+3075+09be6b65.noarch.rpm\nseabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65.noarch.rpm\nseavgabios-bin-1.11.1-3.module+el8.0.0+3075+09be6b65.noarch.rpm\nsgabios-bin-0.20170427git-2.module+el8.0.0+3075+09be6b65.noarch.rpm\n\nppc64le:\nhivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nhivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nhivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nhivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm\nlibssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm\nlibssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.ppc64le.rpm\nlibvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlibvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlibvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.ppc64le.rpm\nlua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nlua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nnetcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nperl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.ppc64le.rpm\npython3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nqemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nqemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.ppc64le.rpm\nruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nsupermin-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nsupermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nsupermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nsupermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nvirt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\nvirt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.ppc64le.rpm\n\ns390x:\nhivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nhivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nhivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nhivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm\nlibssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm\nlibssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.s390x.rpm\nlibvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.s390x.rpm\nlibvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlibvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.s390x.rpm\nlua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nlua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nnetcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nperl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.s390x.rpm\npython3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.s390x.rpm\nqemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nqemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.s390x.rpm\nruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.s390x.rpm\nruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nsupermin-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm\nsupermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm\nsupermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm\nsupermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.s390x.rpm\nvirt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\nvirt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.s390x.rpm\n\nx86_64:\nhivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nhivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nhivex-debugsource-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nhivex-devel-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-benchmarking-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-benchmarking-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-debugsource-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-gfs2-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-gobject-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-gobject-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-gobject-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-java-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-java-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-java-devel-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-rescue-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-rsync-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-tools-c-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-tools-c-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-winsupport-8.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibguestfs-xfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-debugsource-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-devel-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-utils-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibiscsi-utils-debuginfo-1.18.0-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibssh2-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm\nlibssh2-debuginfo-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm\nlibssh2-debugsource-1.8.0-7.module+el8.0.0+3075+09be6b65.1.x86_64.rpm\nlibvirt-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-admin-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-admin-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-bash-completion-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-client-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-client-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-config-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-config-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-interface-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-interface-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-network-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-network-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-nodedev-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-nodedev-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-nwfilter-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-nwfilter-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-qemu-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-qemu-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-secret-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-secret-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-core-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-core-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-disk-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-disk-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-gluster-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-gluster-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-iscsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-iscsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-logical-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-logical-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-mpath-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-mpath-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-rbd-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-rbd-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-scsi-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-driver-storage-scsi-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-daemon-kvm-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-dbus-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibvirt-dbus-debuginfo-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibvirt-dbus-debugsource-1.2.0-2.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlibvirt-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-debugsource-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-devel-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-docs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-libs-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-libs-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-lock-sanlock-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-lock-sanlock-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-nss-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlibvirt-nss-debuginfo-4.5.0-23.1.module+el8.0.0+3151+3ba813f9.x86_64.rpm\nlua-guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nlua-guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-basic-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-basic-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-debugsource-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-devel-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-example-plugins-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-example-plugins-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-gzip-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-gzip-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-python-common-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-python3-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-python3-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-vddk-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-vddk-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-xz-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnbdkit-plugin-xz-debuginfo-1.4.2-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-debugsource-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-devel-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-libs-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nnetcf-libs-debuginfo-0.2.8-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-Sys-Guestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-Sys-Guestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-Sys-Virt-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-Sys-Virt-debuginfo-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-Sys-Virt-debugsource-4.5.0-4.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nperl-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-libvirt-4.5.0-1.module+el8.0.0+3075+09be6b65.x86_64.rpm\npython3-libvirt-debuginfo-4.5.0-1.module+el8.0.0+3075+09be6b65.x86_64.rpm\nqemu-guest-agent-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-guest-agent-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-img-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-img-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-curl-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-curl-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-gluster-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-gluster-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-iscsi-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-iscsi-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-rbd-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-rbd-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-ssh-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-block-ssh-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-common-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-common-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-core-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-core-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-debuginfo-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nqemu-kvm-debugsource-2.12.0-64.module+el8.0.0+3180+d6a3561d.2.x86_64.rpm\nruby-hivex-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nruby-hivex-debuginfo-1.3.15-6.module+el8.0.0+3075+09be6b65.x86_64.rpm\nruby-libguestfs-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nruby-libguestfs-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nseabios-1.11.1-3.module+el8.0.0+3075+09be6b65.x86_64.rpm\nsgabios-0.20170427git-2.module+el8.0.0+3075+09be6b65.x86_64.rpm\nsupermin-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm\nsupermin-debuginfo-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm\nsupermin-debugsource-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm\nsupermin-devel-5.1.19-8.module+el8.0.0+3075+09be6b65.x86_64.rpm\nvirt-dib-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nvirt-dib-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nvirt-p2v-maker-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nvirt-v2v-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\nvirt-v2v-debuginfo-1.38.4-10.module+el8.0.0+3075+09be6b65.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-12126\nhttps://access.redhat.com/security/cve/CVE-2018-12127\nhttps://access.redhat.com/security/cve/CVE-2018-12130\nhttps://access.redhat.com/security/cve/CVE-2018-20815\nhttps://access.redhat.com/security/cve/CVE-2019-3855\nhttps://access.redhat.com/security/cve/CVE-2019-3856\nhttps://access.redhat.com/security/cve/CVE-2019-3857\nhttps://access.redhat.com/security/cve/CVE-2019-3863\nhttps://access.redhat.com/security/cve/CVE-2019-11091\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNsFdNzjgjWX9erEAQjf/g/+IPQ7NKuK24reC2hW29G51Nno6oF2bwsO\nyNTBaVjP5U1cRHhDrvv3V+Pao8Pj4sB3BRJHYgO8KHMj1uJmP72AdAzaPPkJxoDh\n42FOaNLkfQkguzreRN+ty+jHaVUumvuqf9HViVrJyvR+cfvV2tF8poGmKoWrEK5s\nrSOkvp3haP0HzwVN9wSnrlFGU/DrsLyg80+BuJb878ecSPRHiy/6ZuLd/nkO8fnO\nVKvDlTKEHAOwZWPmBTduGwOPe4J3fB+9chgK6ZcZpnh+lPSonkIfTXA1svbD8Un/\nFsC3wxDdHA9wRkwZZquRgaAeDWwYtKe7nMWSiR6USTWAkh8gruf53eW6//A6999Q\noI4wHzKQjJbYH9Pvc3AlQj+5nemvnfyBF/V0UijTHbRBxtJvnIsdro2bpgYsF3Mu\nJD6kMP7l5D51eQ3tNxDdeB49YNctPF0HuGbw7x0CojBhlQW7k10Ul3/LtqEu2Av4\nTqAJP3ENBC1C7VT1zGUSfc8neNNQxJzV9Co08w61bNtd4fo29uv0fOvDy+1J+7CT\nfOzF2slJTOJ/cqwcaR8j/SjKSFUIrHBKEPYWfVybmKLJhfQCmUzWE7sHZJ+9jKkb\nLDT+GUF9+TE7CNkD95vBlgs8kG3R76ZG5NSxjI1GDOLNNuhqH3/RZh3KNE17ut/r\nM5otU3RxBZs=\n=634V\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.3) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4431-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libssh2\nCVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858\n CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862\n CVE-2019-3863\nDebian Bug : 924965\n\nChris Coulson discovered several vulnerabilities in libssh2, a SSH2\nclient-side library, which could result in denial of service,\ninformation leaks or the execution of arbitrary code. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.0-1+deb9u1. \n\nWe recommend that you upgrade your libssh2 packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153969"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3855",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "152136",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/03/18/3",
"trust": 1.8
},
{
"db": "BID",
"id": "107485",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2340",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0911",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0996",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0894",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152509",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153654",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154655",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153510",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153969",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153811",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152282",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-155290",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3855",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152874",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153969"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"id": "VAR-201903-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:20:42.429000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1730-1] libssh2 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"title": "DSA-4431",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"title": "FEDORA-2019-f31c14682f",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"title": "Possible integer overflow in transport read allows out-of-bounds write",
"trust": 0.8,
"url": "https://www.libssh2.org/cve-2019-3855.html"
},
{
"title": "NTAP-20190327-0005",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"title": "Bug 1687303",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855"
},
{
"title": "RHSA-2019:0679",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0679"
},
{
"title": "libssh2 Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90196"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191652 - security advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191791 - security advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192399 - security advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190679 - security advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191943 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-13115",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae8ca9a607a0d36a41864075e4d1739"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-3855"
},
{
"title": "Red Hat: Important: virt:rhel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191175 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1254",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1254"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1199",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1199"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=90ea192442f00a544f31c35e3585a0e6"
},
{
"title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=00191547a456d0cf5c7b101c1774a050"
},
{
"title": "Debian Security Advisories: DSA-4431-1 libssh2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=32e9048e9588619b2dfacda6369a23ee"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55b92934c6d6315aa40e8be4ce2a8bf4"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabiliies in libssh2 affect PowerKVM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6e0e5e527a9204c06a52ef667608c6e8"
},
{
"title": "Arch Linux Advisories: [ASA-201903-13] libssh2: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-13"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=b76ca4c2e9a0948d77d969fddc7b121b"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=767e8ff3a913d6c9b177c63c24420933"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
},
{
"title": "Fortinet Security Advisories: libssh2 integer overflow and out of bounds read/write vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-099"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1519a5f830589c3bab8a20f4163374ae"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/152136/slackware-security-advisory-libssh2-updates.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/107485"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3855"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1175"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1652"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1791"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1943"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2399"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/mar/25"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/apr/25"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/sep/49"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht210609"
},
{
"trust": 1.8,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/sep/42"
},
{
"trust": 1.8,
"url": "https://www.libssh2.org/cve-2019-3855.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0679"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3855\\"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3856"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3857"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3863"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-099"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115655"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115643"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115649"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libssh2-multiple-vulnerabilities-28768"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77838"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1120209"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210609"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1116357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4226/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170634"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79010"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4341/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77478"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-3863"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-3857"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-3856"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-3855"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8738"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12130"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/libssh2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3861"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3858"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153969"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153969"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2019-09-29T10:11:11",
"db": "PACKETSTORM",
"id": "154655"
},
{
"date": "2019-07-02T14:08:10",
"db": "PACKETSTORM",
"id": "153510"
},
{
"date": "2019-05-15T14:55:50",
"db": "PACKETSTORM",
"id": "152874"
},
{
"date": "2019-08-07T20:10:33",
"db": "PACKETSTORM",
"id": "153969"
},
{
"date": "2019-07-16T20:10:44",
"db": "PACKETSTORM",
"id": "153654"
},
{
"date": "2019-07-30T18:13:57",
"db": "PACKETSTORM",
"id": "153811"
},
{
"date": "2019-04-15T16:33:02",
"db": "PACKETSTORM",
"id": "152509"
},
{
"date": "2019-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2019-03-21T21:29:00.433000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2021-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2023-11-07T03:10:14.793000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libssh2 Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
}
}