CVE-2019-3863

Impact:
Important
Public Date:
2019-03-13
Bugzilla:
1687313: CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

The MITRE CVE dictionary describes this issue as:

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

Find out more about CVE-2019-3863 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.

CVSS v3 metrics

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 8 (virt:rhel) RHSA-2019:1175 2019-05-14
Red Hat Enterprise Linux 7 (libssh2) RHSA-2019:0679 2019-03-28

Affected Packages State

Platform Package State
Red Hat Virtualization 4 rhvm-appliance Will not fix
Red Hat Virtualization 4 redhat-virtualization-host Will not fix
Red Hat Enterprise Linux 6 libssh2 Affected

Acknowledgements

Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation