CVE - CVE-2019-13115

CVE-ID
CVE-2019-13115	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20190806-0002/ CONFIRM:https://support.f5.com/csp/article/K13322484 CONFIRM:https://support.f5.com/csp/article/K13322484?utm_source=f5support&utm_medium=RSS FEDORA:FEDORA-2019-5885663621 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/ FEDORA:FEDORA-2019-9d85600fc7 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/ MISC:https://blog.semmle.com/libssh2-integer-overflow/ MISC:https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa MISC:https://github.com/libssh2/libssh2/pull/350 MISC:https://libssh2.org/changes.html MLIST:[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 URL:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E MLIST:[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 URL:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E MLIST:[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update URL:https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html MLIST:[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update URL:https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html
Assigning CNA
MITRE Corporation
Date Record Created
20190630	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190630)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)