UBUNTU-CVE-2019-3863

Source
https://ubuntu.com/security/CVE-2019-3863
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3863.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-3863
Related
Published
2019-03-25T18:29:00Z
Modified
2024-10-15T14:07:18Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libssh2

Package

Name
libssh2
Purl
pkg:deb/ubuntu/libssh2?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3-2ubuntu0.2+esm2

Affected versions

1.*

1.4.3-1
1.4.3-2
1.4.3-2ubuntu0.1
1.4.3-2ubuntu0.2
1.4.3-2ubuntu0.2+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.4.3-2ubuntu0.2+esm2",
            "binary_name": "libssh2-1"
        },
        {
            "binary_version": "1.4.3-2ubuntu0.2+esm2",
            "binary_name": "libssh2-1-dbg"
        },
        {
            "binary_version": "1.4.3-2ubuntu0.2+esm2",
            "binary_name": "libssh2-1-dbgsym"
        },
        {
            "binary_version": "1.4.3-2ubuntu0.2+esm2",
            "binary_name": "libssh2-1-dev"
        },
        {
            "binary_version": "1.4.3-2ubuntu0.2+esm2",
            "binary_name": "libssh2-1-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / libssh2

Package

Name
libssh2
Purl
pkg:deb/ubuntu/libssh2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0-2ubuntu0.1+esm1

Affected versions

1.*

1.5.0-2
1.5.0-2ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.0-2ubuntu0.1+esm1",
            "binary_name": "libssh2-1"
        },
        {
            "binary_version": "1.5.0-2ubuntu0.1+esm1",
            "binary_name": "libssh2-1-dbg"
        },
        {
            "binary_version": "1.5.0-2ubuntu0.1+esm1",
            "binary_name": "libssh2-1-dbgsym"
        },
        {
            "binary_version": "1.5.0-2ubuntu0.1+esm1",
            "binary_name": "libssh2-1-dev"
        },
        {
            "binary_version": "1.5.0-2ubuntu0.1+esm1",
            "binary_name": "libssh2-1-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / libssh2

Package

Name
libssh2
Purl
pkg:deb/ubuntu/libssh2?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.0-1
1.8.0-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}