Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-3863: CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat: CVE-2019-3863: CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (Multiple Advisories)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

03/25/2019

Created

04/22/2019

Added

03/29/2019

Modified

12/15/2023

Description

A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.

Solution(s)

redhat-upgrade-hivex
redhat-upgrade-hivex-debuginfo
redhat-upgrade-hivex-debugsource
redhat-upgrade-hivex-devel
redhat-upgrade-libguestfs
redhat-upgrade-libguestfs-bash-completion
redhat-upgrade-libguestfs-benchmarking
redhat-upgrade-libguestfs-benchmarking-debuginfo
redhat-upgrade-libguestfs-debuginfo
redhat-upgrade-libguestfs-debugsource
redhat-upgrade-libguestfs-devel
redhat-upgrade-libguestfs-gfs2
redhat-upgrade-libguestfs-gobject
redhat-upgrade-libguestfs-gobject-debuginfo
redhat-upgrade-libguestfs-gobject-devel
redhat-upgrade-libguestfs-inspect-icons
redhat-upgrade-libguestfs-java
redhat-upgrade-libguestfs-java-debuginfo
redhat-upgrade-libguestfs-java-devel
redhat-upgrade-libguestfs-javadoc
redhat-upgrade-libguestfs-man-pages-ja
redhat-upgrade-libguestfs-man-pages-uk
redhat-upgrade-libguestfs-rescue
redhat-upgrade-libguestfs-rsync
redhat-upgrade-libguestfs-tools
redhat-upgrade-libguestfs-tools-c
redhat-upgrade-libguestfs-tools-c-debuginfo
redhat-upgrade-libguestfs-winsupport
redhat-upgrade-libguestfs-xfs
redhat-upgrade-libiscsi
redhat-upgrade-libiscsi-debuginfo
redhat-upgrade-libiscsi-debugsource
redhat-upgrade-libiscsi-devel
redhat-upgrade-libiscsi-utils
redhat-upgrade-libiscsi-utils-debuginfo
redhat-upgrade-libssh2
redhat-upgrade-libssh2-debuginfo
redhat-upgrade-libssh2-debugsource
redhat-upgrade-libssh2-devel
redhat-upgrade-libssh2-docs
redhat-upgrade-libvirt
redhat-upgrade-libvirt-admin
redhat-upgrade-libvirt-admin-debuginfo
redhat-upgrade-libvirt-bash-completion
redhat-upgrade-libvirt-client
redhat-upgrade-libvirt-client-debuginfo
redhat-upgrade-libvirt-daemon
redhat-upgrade-libvirt-daemon-config-network
redhat-upgrade-libvirt-daemon-config-nwfilter
redhat-upgrade-libvirt-daemon-debuginfo
redhat-upgrade-libvirt-daemon-driver-interface
redhat-upgrade-libvirt-daemon-driver-interface-debuginfo
redhat-upgrade-libvirt-daemon-driver-network
redhat-upgrade-libvirt-daemon-driver-network-debuginfo
redhat-upgrade-libvirt-daemon-driver-nodedev
redhat-upgrade-libvirt-daemon-driver-nodedev-debuginfo
redhat-upgrade-libvirt-daemon-driver-nwfilter
redhat-upgrade-libvirt-daemon-driver-nwfilter-debuginfo
redhat-upgrade-libvirt-daemon-driver-qemu
redhat-upgrade-libvirt-daemon-driver-qemu-debuginfo
redhat-upgrade-libvirt-daemon-driver-secret
redhat-upgrade-libvirt-daemon-driver-secret-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage
redhat-upgrade-libvirt-daemon-driver-storage-core
redhat-upgrade-libvirt-daemon-driver-storage-core-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-disk
redhat-upgrade-libvirt-daemon-driver-storage-disk-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-gluster
redhat-upgrade-libvirt-daemon-driver-storage-gluster-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-iscsi
redhat-upgrade-libvirt-daemon-driver-storage-iscsi-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-logical
redhat-upgrade-libvirt-daemon-driver-storage-logical-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-mpath
redhat-upgrade-libvirt-daemon-driver-storage-mpath-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-rbd
redhat-upgrade-libvirt-daemon-driver-storage-rbd-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage-scsi
redhat-upgrade-libvirt-daemon-driver-storage-scsi-debuginfo
redhat-upgrade-libvirt-daemon-kvm
redhat-upgrade-libvirt-dbus
redhat-upgrade-libvirt-dbus-debuginfo
redhat-upgrade-libvirt-dbus-debugsource
redhat-upgrade-libvirt-debuginfo
redhat-upgrade-libvirt-debugsource
redhat-upgrade-libvirt-devel
redhat-upgrade-libvirt-docs
redhat-upgrade-libvirt-libs
redhat-upgrade-libvirt-libs-debuginfo
redhat-upgrade-libvirt-lock-sanlock
redhat-upgrade-libvirt-lock-sanlock-debuginfo
redhat-upgrade-libvirt-nss
redhat-upgrade-libvirt-nss-debuginfo
redhat-upgrade-lua-guestfs
redhat-upgrade-lua-guestfs-debuginfo
redhat-upgrade-nbdkit
redhat-upgrade-nbdkit-bash-completion
redhat-upgrade-nbdkit-basic-plugins
redhat-upgrade-nbdkit-basic-plugins-debuginfo
redhat-upgrade-nbdkit-debuginfo
redhat-upgrade-nbdkit-debugsource
redhat-upgrade-nbdkit-devel
redhat-upgrade-nbdkit-example-plugins
redhat-upgrade-nbdkit-example-plugins-debuginfo
redhat-upgrade-nbdkit-plugin-gzip
redhat-upgrade-nbdkit-plugin-gzip-debuginfo
redhat-upgrade-nbdkit-plugin-python-common
redhat-upgrade-nbdkit-plugin-python3
redhat-upgrade-nbdkit-plugin-python3-debuginfo
redhat-upgrade-nbdkit-plugin-vddk
redhat-upgrade-nbdkit-plugin-vddk-debuginfo
redhat-upgrade-nbdkit-plugin-xz
redhat-upgrade-nbdkit-plugin-xz-debuginfo
redhat-upgrade-netcf
redhat-upgrade-netcf-debuginfo
redhat-upgrade-netcf-debugsource
redhat-upgrade-netcf-devel
redhat-upgrade-netcf-libs
redhat-upgrade-netcf-libs-debuginfo
redhat-upgrade-perl-hivex
redhat-upgrade-perl-hivex-debuginfo
redhat-upgrade-perl-sys-guestfs
redhat-upgrade-perl-sys-guestfs-debuginfo
redhat-upgrade-perl-sys-virt
redhat-upgrade-perl-sys-virt-debuginfo
redhat-upgrade-perl-sys-virt-debugsource
redhat-upgrade-python3-hivex
redhat-upgrade-python3-hivex-debuginfo
redhat-upgrade-python3-libguestfs
redhat-upgrade-python3-libguestfs-debuginfo
redhat-upgrade-python3-libvirt
redhat-upgrade-python3-libvirt-debuginfo
redhat-upgrade-qemu-guest-agent
redhat-upgrade-qemu-guest-agent-debuginfo
redhat-upgrade-qemu-img
redhat-upgrade-qemu-img-debuginfo
redhat-upgrade-qemu-kvm
redhat-upgrade-qemu-kvm-block-curl
redhat-upgrade-qemu-kvm-block-curl-debuginfo
redhat-upgrade-qemu-kvm-block-gluster
redhat-upgrade-qemu-kvm-block-gluster-debuginfo
redhat-upgrade-qemu-kvm-block-iscsi
redhat-upgrade-qemu-kvm-block-iscsi-debuginfo
redhat-upgrade-qemu-kvm-block-rbd
redhat-upgrade-qemu-kvm-block-rbd-debuginfo
redhat-upgrade-qemu-kvm-block-ssh
redhat-upgrade-qemu-kvm-block-ssh-debuginfo
redhat-upgrade-qemu-kvm-common
redhat-upgrade-qemu-kvm-common-debuginfo
redhat-upgrade-qemu-kvm-core
redhat-upgrade-qemu-kvm-core-debuginfo
redhat-upgrade-qemu-kvm-debuginfo
redhat-upgrade-qemu-kvm-debugsource
redhat-upgrade-ruby-hivex
redhat-upgrade-ruby-hivex-debuginfo
redhat-upgrade-ruby-libguestfs
redhat-upgrade-ruby-libguestfs-debuginfo
redhat-upgrade-seabios
redhat-upgrade-seabios-bin
redhat-upgrade-seavgabios-bin
redhat-upgrade-sgabios
redhat-upgrade-sgabios-bin
redhat-upgrade-slof
redhat-upgrade-supermin
redhat-upgrade-supermin-debuginfo
redhat-upgrade-supermin-debugsource
redhat-upgrade-supermin-devel
redhat-upgrade-virt-dib
redhat-upgrade-virt-dib-debuginfo
redhat-upgrade-virt-p2v-maker
redhat-upgrade-virt-v2v
redhat-upgrade-virt-v2v-debuginfo

References

DSA-4431
CVE-2019-3863
RHSA-2019:0679
RHSA-2019:1175
RHSA-2019:1652
RHSA-2019:1791
RHSA-2019:1943
RHSA-2019:2399

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-3863: CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (Multiple Advisories)

Red Hat: CVE-2019-3863: CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.