Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2019-3856

Published: August 31, 2023Last modified: August 31, 2023

Description

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Severity score breakdown

ParameterValue
Base score8.8
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibssh2Not affected (1.10.0-r4)
Streamlibssh2Not affected (1.11.0-r0)

References

ON THIS PAGE