medium severity
Overview
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-3862:
1687312: CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request

An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a denial of service or read data in the client memory.
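The class of check that prevents this kind of read, as an added example (not libssh2's code and not part of the advisory): every length is validated against the bytes actually received before the request name is compared or the status is read. The helper names and the sample packet are hypothetical; the field layout follows RFC 4254.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_CHANNEL_REQUEST 98 /* RFC 4254 message number */

/* Constructed sample: channel 0, "exit-status", want_reply 0, status 3. */
const uint8_t sample_exit_status[25] = {
    98, 0, 0, 0, 0, 0, 0, 0, 11, 'e', 'x', 'i', 't', '-',
    's', 't', 'a', 't', 'u', 's', 0, 0, 0, 0, 3 };

/* Read a big-endian uint32 at *off; fail if fewer than 4 bytes remain. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    const uint8_t *b = p + *off;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    *off += 4;
    return 0;
}

/* Hypothetical helper (not libssh2 code): 0 = status stored in *status,
 * 1 = some other request type, -1 = truncated or malformed packet. */
int parse_exit_status(const uint8_t *pkt, size_t len, uint32_t *status)
{
    static const char want[] = "exit-status";
    size_t off = 1;
    uint32_t channel, type_len;

    if (len < 1 || pkt[0] != SSH_MSG_CHANNEL_REQUEST)
        return -1;
    if (get_u32(pkt, len, &off, &channel) || get_u32(pkt, len, &off, &type_len))
        return -1;
    if (type_len > len - off) /* declared name must fit before any memcmp */
        return -1;
    if (type_len != sizeof(want) - 1 || memcmp(pkt + off, want, type_len) != 0)
        return 1;
    off += type_len + 1; /* skip name and want_reply byte */
    return get_u32(pkt, len, &off, status); /* -1 when the payload is absent */
}

int main(void)
{
    uint32_t st = 0;
    int full = parse_exit_status(sample_exit_status, 25, &st);
    int cut = parse_exit_status(sample_exit_status, 21, &st); /* payload stripped */
    printf("full=%d status=%u truncated=%d\n", full, (unsigned)st, cut);
    return 0;
}
```
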
References
- CVE: ALAS2-2019-1303
- Snyk ID: SNYK-AMZN2-LIBSSH2-485273
- Published: 13 Nov, 2019