CLSA-2026-1776864708
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1776864708.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1776864708
- Upstream
- Published
- 2026-04-22T13:31:52Z
- Modified
- 2026-06-04T09:45:44.887279010Z
- Summary
- Fix CVE(s): CVE-2019-13115, CVE-2019-3855, CVE-2019-3856, CVE-2019-3863
- Details
-
- SECURITY UPDATE: integer overflow in transport read allowing
out-of-bounds write via crafted SSH packet
- debian/patches/CVE-2019-3855.patch: add packetlength bounds check against LIBSSH2PACKET_MAXPAYLOAD in transport read
- CVE-2019-3855
- SECURITY UPDATE: integer overflow in keyboard-interactive handling
allowing out-of-bounds write via crafted num-prompts value
- debian/patches/CVE-2019-3856.patch: cap num_prompts at 100 to prevent excessive allocation in keyboard-interactive auth
- CVE-2019-3856
- SECURITY UPDATE: integer overflow in keyboard-interactive response
allowing out-of-bounds write via crafted response lengths
- debian/patches/CVE-2019-3863.patch: add SIZE_MAX overflow check in keyboard-interactive response packet length calculation
- CVE-2019-3863
- SECURITY UPDATE: out-of-bounds memory access in kex exchange when
reading malformed data in diffiehellmansha1/sha256
- debian/patches/CVE-2019-13115.patch: add libssh2copy_string() bounds-checked helper and use it in kex DH group exchange
- CVE-2019-13115
- SECURITY UPDATE: integer overflow in transport read allowing
out-of-bounds write via crafted SSH packet
- References
Affected packages
TuxCare:Ubuntu:16.04 / libssh2-1
Package
- Name
- libssh2-1
- Purl
- pkg:deb/tuxcare/libssh2-1?distro=ubuntu-16.04