{"id":"MGASA-2019-0139","summary":"Updated libssh2 packages fix security vulnerability","details":"Possible integer overflow in transport read allows out-of-bounds write.\n(CVE-2019-3855)\n\nPossible integer overflow in keyboard interactive handling allows\nout-of-bounds write. (CVE-2019-3856)\n\nPossible integer overflow leading to zero-byte allocation and\nout-of-bounds write. (CVE-2019-3857)\n\nPossible zero-byte allocation leading to an out-of-bounds read.\n(CVE-2019-3858)\n\nOut-of-bounds reads with specially crafted payloads due to unchecked use\nof `_libssh2_packet_require` and `_libssh2_packet_requirev`.\n(CVE-2019-3859)\n\nOut-of-bounds reads with specially crafted SFTP packets. (CVE-2019-3860)\n\nOut-of-bounds reads with specially crafted SSH packets. (CVE-2019-3861)\n\nOut-of-bounds memory comparison. (CVE-2019-3862)\n\nInteger overflow in user authenticate keyboard interactive allows\nout-of-bounds writes. (CVE-2019-3863)\n","modified":"2026-04-16T04:42:03.242869070Z","published":"2019-04-10T21:25:19Z","upstream":["CVE-2019-3855","CVE-2019-3856","CVE-2019-3857","CVE-2019-3858","CVE-2019-3859","CVE-2019-3860","CVE-2019-3861","CVE-2019-3862","CVE-2019-3863"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0139.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24532"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2019/03/18/3"},{"type":"WEB","url":"http://lists.suse.com/pipermail/sle-security-updates/2019-March/005203.html"}],"affected":[{"package":{"name":"libssh2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libssh2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0139.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}