RHSA-2019:0679

Affecting libssh2 package, versions <0:1.4.3-12.el7_6.2

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE
RHSA-2019:0679
Snyk ID
SNYK-CENTOS7-LIBSSH2-341732
Published
29 Mar, 2019