VDB

ALPINE-CVE-2019-3855

ALPINE-CVE-2019-3855 PUBLISHED CVSS 8.800000190734863 HIGH

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.20libssh21.7.0-r1, 1.2.8-r0, 1.2.9-r0
Alpine:v3.10libssh20, 1.8.0-r4, 1.8.0-r3
libssh2libssh2
Alpine:v3.23libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.11libssh21.8.0-r4, 1.8.0-r3, 1.8.0-r2
Alpine:v3.9libssh21.4.2-r0, 1.2.8-r0, 1.2.9-r0
Alpine:v3.15libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.16libssh21.7.0-r1, 0, 1.2.8-r0
Alpine:v3.12libssh21.4.0-r0, 0, 1.2.9-r0
Alpine:v3.21libssh21.8.0-r2, 0, 1.2.9-r0
Alpine:v3.14libssh20, 0, 1.8.0-r4
Alpine:v3.18libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.19libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.17libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.24libssh20
Alpine:v3.22libssh21.4.1-r0, 0, 1.8.0-r4
Alpine:v3.13libssh21.3.0-r0, 1.4.0-r0, 1.4.2-r0

Timeline

  • Mar 21, 2019 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›