VDB
ALPINE-CVE-2019-3856
ALPINE-CVE-2019-3856
PUBLISHED
CVSS 8.800000190734863 HIGH
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | libssh2 | 1.2.8-r0, 1.4.1-r0, 1.4.2-r0 |
| Alpine:v3.20 | libssh2 | 1.8.0-r2, 0, 1.2.8-r0 |
| Alpine:v3.13 | libssh2 | 0, 1.2.8-r0, 1.2.9-r0 |
| Alpine:v3.11 | libssh2 | 1.7.0-r2, 0, 0 |
| Alpine:v3.12 | libssh2 | 0, 0, 0 |
| Alpine:v3.24 | libssh2 | 0, 0 |
| Alpine:v3.9 | libssh2 | 0, 1.8.0-r1, 0 |
| Alpine:v3.18 | libssh2 | 1.2.8-r0, 0, 0 |
| Alpine:v3.10 | libssh2 | 0, 0, 1.2.8-r0 |
| Alpine:v3.21 | libssh2 | 1.7.0-r0, 1.4.0-r0, 1.4.1-r0 |
| Alpine:v3.23 | libssh2 | 1.3.0-r0, 0, 1.2.9-r0 |
| Alpine:v3.14 | libssh2 | 1.2.8-r0, 0, 0 |
| Alpine:v3.22 | libssh2 | 0, 0, 1.2.8-r0 |
| Alpine:v3.17 | libssh2 | 1.6.0-r0, 0, 0 |
| Alpine:v3.15 | libssh2 | 0, 1.2.8-r0, 1.3.0-r0 |
| Alpine:v3.16 | libssh2 | 0, 0, 0 |
Timeline
- Mar 25, 2019 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated