CVE-2019-13115

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 16-07-2019 08:15

Last modified: - 05-04-2022 11:09

Total changes: - 5

Description

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.1

Base score

2.8

5.2

Exploitability score

Impact score

Verification logic

vendor=libssh2 AND product=libssh2 AND versionEndExcluding=1.9.0

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=fedoraproject AND product=fedora AND version=29

vendor=fedoraproject AND product=fedora AND version=30

vendor=netapp AND product=cloud_backup AND version=-

vendor=netapp AND product=e-series_santricity_os_controller AND versionEndIncluding=11.70.1 AND versionStartIncluding=11.0.0

vendor=netapp AND product=ontap_select_deploy_administration_utility AND version=-

vendor=f5 AND product=traffix_systems_signaling_delivery_controller AND versionEndIncluding=5.1.0 AND versionStartIncluding=5.0.0

Reference

https://github.com/libssh2/libssh2/pull/350
https://blog.semmle.com/libssh2-integer-overflow/
https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa
https://libssh2.org/changes.html
[debian-lts-announce] 20190725 [SECURITY] [DLA 1730-3] libssh2 regression update-Mailing List, Third Party Advisory
FEDORA-2019-9d85600fc7-Mailing List, Third Party Advisory
FEDORA-2019-5885663621-Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20190806-0002/
https://support.f5.com/csp/article/K13322484
https://support.f5.com/csp/article/K13322484?utm_source=f5support&amp;utm_medium=RSS
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Mailing List, Third Party Advisory
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8-Mailing List, Third Party Advisory
[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update-Mailing List, Third Party Advisory

Keywords

CVE-2019-13115

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-13115

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures