1. CVE-Search
  2. CVE-2019-3855
ID CVE-2019-3855
Summary An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
References
Vulnerable Configurations
  • cpe:2.3:a:libssh2:libssh2:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.11:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.12:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.13:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.14:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.16:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.17:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:0.18:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libssh2:libssh2:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:libssh2:libssh2:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:-:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:8.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:10:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2020 - 13:42)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2019:0679
  • rhsa
    id RHSA-2019:1175
  • rhsa
    id RHSA-2019:1652
  • rhsa
    id RHSA-2019:1791
  • rhsa
    id RHSA-2019:1943
  • rhsa
    id RHSA-2019:2399
rpms
  • libssh2-0:1.4.3-12.el7_6.2
  • libssh2-debuginfo-0:1.4.3-12.el7_6.2
  • libssh2-devel-0:1.4.3-12.el7_6.2
  • libssh2-docs-0:1.4.3-12.el7_6.2
  • SLOF-0:20171214-5.gitfa98132.module+el8.0.0+3075+09be6b65
  • hivex-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • hivex-debuginfo-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • hivex-debugsource-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • hivex-devel-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • libguestfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-bash-completion-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-benchmarking-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-benchmarking-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-debugsource-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-devel-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-gfs2-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-gobject-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-gobject-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-gobject-devel-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-inspect-icons-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-java-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-java-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-java-devel-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-javadoc-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-man-pages-ja-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-man-pages-uk-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-rescue-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-rsync-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-tools-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-tools-c-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-tools-c-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libguestfs-winsupport-0:8.0-2.module+el8.0.0+3075+09be6b65
  • libguestfs-xfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libiscsi-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libiscsi-debuginfo-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libiscsi-debugsource-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libiscsi-devel-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libiscsi-utils-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libiscsi-utils-debuginfo-0:1.18.0-6.module+el8.0.0+3075+09be6b65
  • libssh2-0:1.8.0-7.module+el8.0.0+3075+09be6b65.1
  • libssh2-debuginfo-0:1.8.0-7.module+el8.0.0+3075+09be6b65.1
  • libssh2-debugsource-0:1.8.0-7.module+el8.0.0+3075+09be6b65.1
  • libvirt-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-admin-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-admin-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-bash-completion-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-client-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-client-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-config-network-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-config-nwfilter-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-interface-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-interface-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-network-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-network-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-nodedev-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-nodedev-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-nwfilter-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-nwfilter-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-qemu-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-qemu-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-secret-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-secret-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-core-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-core-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-disk-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-disk-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-gluster-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-gluster-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-iscsi-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-iscsi-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-logical-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-logical-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-mpath-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-mpath-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-rbd-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-rbd-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-scsi-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-driver-storage-scsi-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-daemon-kvm-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-dbus-0:1.2.0-2.module+el8.0.0+3075+09be6b65
  • libvirt-dbus-debuginfo-0:1.2.0-2.module+el8.0.0+3075+09be6b65
  • libvirt-dbus-debugsource-0:1.2.0-2.module+el8.0.0+3075+09be6b65
  • libvirt-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-debugsource-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-devel-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-docs-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-libs-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-libs-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-lock-sanlock-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-lock-sanlock-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-nss-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • libvirt-nss-debuginfo-0:4.5.0-23.1.module+el8.0.0+3151+3ba813f9
  • lua-guestfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • lua-guestfs-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • nbdkit-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-bash-completion-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-basic-plugins-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-basic-plugins-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-debugsource-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-devel-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-example-plugins-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-example-plugins-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-gzip-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-gzip-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-python-common-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-python3-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-python3-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-vddk-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-vddk-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-xz-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • nbdkit-plugin-xz-debuginfo-0:1.4.2-4.module+el8.0.0+3075+09be6b65
  • netcf-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • netcf-debuginfo-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • netcf-debugsource-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • netcf-devel-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • netcf-libs-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • netcf-libs-debuginfo-0:0.2.8-10.module+el8.0.0+3075+09be6b65
  • perl-Sys-Guestfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • perl-Sys-Guestfs-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • perl-Sys-Virt-0:4.5.0-4.module+el8.0.0+3075+09be6b65
  • perl-Sys-Virt-debuginfo-0:4.5.0-4.module+el8.0.0+3075+09be6b65
  • perl-Sys-Virt-debugsource-0:4.5.0-4.module+el8.0.0+3075+09be6b65
  • perl-hivex-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • perl-hivex-debuginfo-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • python3-hivex-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • python3-hivex-debuginfo-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • python3-libguestfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • python3-libguestfs-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • python3-libvirt-0:4.5.0-1.module+el8.0.0+3075+09be6b65
  • python3-libvirt-debuginfo-0:4.5.0-1.module+el8.0.0+3075+09be6b65
  • qemu-guest-agent-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-guest-agent-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-img-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-img-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-curl-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-curl-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-gluster-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-gluster-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-iscsi-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-iscsi-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-rbd-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-rbd-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-ssh-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-block-ssh-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-common-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-common-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-core-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-core-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-debuginfo-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • qemu-kvm-debugsource-15:2.12.0-64.module+el8.0.0+3180+d6a3561d.2
  • ruby-hivex-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • ruby-hivex-debuginfo-0:1.3.15-6.module+el8.0.0+3075+09be6b65
  • ruby-libguestfs-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • ruby-libguestfs-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • seabios-0:1.11.1-3.module+el8.0.0+3075+09be6b65
  • seabios-bin-0:1.11.1-3.module+el8.0.0+3075+09be6b65
  • seavgabios-bin-0:1.11.1-3.module+el8.0.0+3075+09be6b65
  • sgabios-1:0.20170427git-2.module+el8.0.0+3075+09be6b65
  • sgabios-bin-1:0.20170427git-2.module+el8.0.0+3075+09be6b65
  • supermin-0:5.1.19-8.module+el8.0.0+3075+09be6b65
  • supermin-debuginfo-0:5.1.19-8.module+el8.0.0+3075+09be6b65
  • supermin-debugsource-0:5.1.19-8.module+el8.0.0+3075+09be6b65
  • supermin-devel-0:5.1.19-8.module+el8.0.0+3075+09be6b65
  • virt-dib-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • virt-dib-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • virt-p2v-maker-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • virt-v2v-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • virt-v2v-debuginfo-1:1.38.4-10.module+el8.0.0+3075+09be6b65
  • libssh2-0:1.4.2-3.el6_10.1
  • libssh2-debuginfo-0:1.4.2-3.el6_10.1
  • libssh2-devel-0:1.4.2-3.el6_10.1
  • libssh2-docs-0:1.4.2-3.el6_10.1
  • libssh2-0:1.4.3-11.el7_5.1
  • libssh2-debuginfo-0:1.4.3-11.el7_5.1
  • libssh2-devel-0:1.4.3-11.el7_5.1
  • libssh2-docs-0:1.4.3-11.el7_5.1
  • libssh2-0:1.4.3-11.el7_4.1
  • libssh2-debuginfo-0:1.4.3-11.el7_4.1
  • libssh2-devel-0:1.4.3-11.el7_4.1
  • libssh2-docs-0:1.4.3-11.el7_4.1
  • libssh2-0:1.4.3-11.el7_3.1
  • libssh2-debuginfo-0:1.4.3-11.el7_3.1
  • libssh2-devel-0:1.4.3-11.el7_3.1
  • libssh2-docs-0:1.4.3-11.el7_3.1
refmap via4
bid 107485
bugtraq
  • 20190319 [slackware-security] libssh2 (SSA:2019-077-01)
  • 20190415 [SECURITY] [DSA 4431-1] libssh2 security update
  • 20190927 APPLE-SA-2019-9-26-7 Xcode 11.0
confirm
debian DSA-4431
fedora
  • FEDORA-2019-3348cb4934
  • FEDORA-2019-5885663621
  • FEDORA-2019-9d85600fc7
  • FEDORA-2019-f31c14682f
fulldisc 20190927 APPLE-SA-2019-9-26-7 Xcode 11.0
misc
mlist
  • [debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update
  • [oss-security] 20190318 [SECURITY ADVISORIES] libssh2
suse
  • openSUSE-SU-2019:1075
  • openSUSE-SU-2019:1109
Last major update 15-10-2020 - 13:42
Published 21-03-2019 - 21:29
Last modified 15-10-2020 - 13:42
Back to Top