Public Date:
1687306: CVE-2019-3858 libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory.

Find out more about CVE-2019-3858 from the MITRE CVE dictionary dictionary and NIST NVD.


This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Affected Packages State

Platform Package State
Red Hat Virtualization 4 rhvm-appliance Will not fix
Red Hat Virtualization 4 redhat-virtualization-host Will not fix
Red Hat Enterprise Linux 8 virt:rhel/libssh2 Affected
Red Hat Enterprise Linux 7 libssh2 Affected
Red Hat Enterprise Linux 6 libssh2 Will not fix


Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.

External References

Last Modified