[3.9] libssh2: Multiple vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863)
CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write
Affected versions: all versions up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3855.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
CVE-2019-3856: Possible integer overflow in keyboard interactive handling allows out-of-bounds write
Affected versions: all versions up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3856.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
CVE-2019-3857: Possible integer overflow leading to zero-byte allocation and out-of-bounds write
Affected versions: versions 1.2.8 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3857.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
CVE-2019-3858: Possible zero-byte allocation leading to an out-of-bounds read
Affected versions: versions 0.3 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3858.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
CVE-2019-3859: Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev`
Affected versions: versions 0.1 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3859.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
CVE-2019-3860: Out-of-bounds reads with specially crafted SFTP packets
Affected versions: versions 0.3 up to and including 1.8.0
Not affected versions: libssh2 >= 1.9.0
References:
https://www.libssh2.org/CVE-2019-3860.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
CVE-2019-3861: Out-of-bounds reads with specially crafted SSH packets
Affected versions: versions 0.15 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3861.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
CVE-2019-3862: Out-of-bounds memory comparison
Affected versions: versions 0.11 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3862.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
CVE-2019-3863: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
Affected versions: versions 0.1 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
References:
https://www.libssh2.org/CVE-2019-3863.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
(from redmine: issue id 10129, created on 2019-03-19, closed on 2019-03-21)
- Relations:
- parent #10127 (closed)
- Changesets:
- Revision d60ef1f3 by Francesco Colista on 2019-03-19T21:48:52Z:
main/libssh2: security upgrade to 1.8.1
- CVE-2019-3855
- CVE-2019-3856
- CVE-2019-3857
- CVE-2019-3858
- CVE-2019-3859
- CVE-2019-3860
- CVE-2019-3861
- CVE-2019-3862
- CVE-2019-3863
Fixes #10129