Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2019-3855 PUBLISHED CVSS 8.800000190734863 HIGH

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.20libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.10libssh21.5.0-r0, 0, 1.2.8-r0
Alpine:v3.23libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.11libssh21.6.0-r0, 0, 1.2.8-r0
Alpine:v3.9libssh21.2.8-r0, 1.2.9-r0, 1.3.0-r0
Alpine:v3.15libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.16libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.12libssh21.8.0-r4, 0, 1.2.8-r0
Alpine:v3.21libssh21.8.0-r4, 1.8.0-r3, 1.8.0-r2
Alpine:v3.14libssh21.2.8-r0, 1.2.9-r0, 1.3.0-r0
Alpine:v3.18libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.19libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.17libssh20, 1.2.8-r0, 1.2.9-r0
Alpine:v3.22libssh20, 1.8.0-r4, 1.8.0-r3
Alpine:v3.13libssh21.8.0-r4, 1.8.0-r3, 1.8.0-r2

Timeline

References

Open in Interactive Console →