ALAS2-2019-1303

Affecting libssh2 package, versions <1.4.3-12.amzn2.2.2

medium severity

Overview

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-3862:
1687312: CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request

An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a denial of service or read data in the client memory.
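The length checks this class of flaw calls for, as an added example that is not libssh2's code or its patch: a bounds-checked parser for an SSH_MSG_CHANNEL_REQUEST carrying "exit-status" that rejects a message whose exit status payload is missing. The function names, return codes and sample packets are assumptions constructed for illustration; the field layout follows RFC 4254.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_CHANNEL_REQUEST 98 /* message number from RFC 4254 */

/* Constructed samples: channel 0, request name, want_reply=0, then payload. */
static const uint8_t EXIT_PKT[] =   /* "exit-status" with status 3 */
    "\x62" "\0\0\0\0" "\0\0\0\x0b" "exit-status" "\0" "\0\0\0\x03";
static const uint8_t SHELL_PKT[] = "\x62" "\0\0\0\0" "\0\0\0\x05" "shell" "\0";
#define PKT_LEN(p) (sizeof(p) - 1) /* drop the string literal's trailing NUL */

/* Read a big-endian uint32 at *off only if 4 bytes remain in the packet. */
static int get_u32(const uint8_t *p, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    *out = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
           ((uint32_t)p[*off + 2] << 8) | (uint32_t)p[*off + 3];
    *off += 4;
    return 0;
}

/* Hypothetical helper: 1 and *status set for a complete "exit-status"
 * request, 0 for another request type, -1 for a malformed/truncated packet. */
int parse_exit_status(const uint8_t *pkt, size_t len, uint32_t *status)
{
    static const char want[] = "exit-status";
    size_t off = 1;
    uint32_t channel, name_len;

    if (len < 1 || pkt[0] != SSH_MSG_CHANNEL_REQUEST ||
        get_u32(pkt, len, &off, &channel) || get_u32(pkt, len, &off, &name_len) ||
        name_len > len - off) /* declared name must fit in the received bytes */
        return -1;
    if (name_len != sizeof(want) - 1 || memcmp(pkt + off, want, name_len) != 0)
        return 0;
    off += name_len + 1; /* skip the name and the want_reply boolean */
    /* Exit status message with no payload: fail instead of reading past end. */
    return get_u32(pkt, len, &off, status) ? -1 : 1;
}

int main(void)
{
    uint32_t st = 0;
    printf("complete:   %d\n", parse_exit_status(EXIT_PKT, PKT_LEN(EXIT_PKT), &st));
    printf("no payload: %d\n", parse_exit_status(EXIT_PKT, PKT_LEN(EXIT_PKT) - 4, &st));
    return 0;
}
```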

References

CVE: ALAS2-2019-1303
Snyk ID: SNYK-AMZN2-LIBSSH2-485273
Published: 13 Nov, 2019