Public Date:
1687305: CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Find out more about CVE-2019-3857 from the MITRE CVE dictionary dictionary and NIST NVD.


This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.

CVSS v3 metrics

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (libssh2) RHSA-2019:1652 2019-07-02
Red Hat Enterprise Linux 8 (virt:rhel) RHSA-2019:1175 2019-05-14
Red Hat Enterprise Linux Extended Update Support 7.5 (libssh2) RHSA-2019:1791 2019-07-16
Red Hat Enterprise Linux 7 (libssh2) RHSA-2019:0679 2019-03-28
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.


Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.

External References

Last Modified