var-201903-0388
Vulnerability from variot
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-9-26-7 Xcode 11.0
Xcode 11.0 addresses the following:
IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson
ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team
otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
Installation note:
Xcode 11.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
-
The version after applying this update will be "11.0". 6) - i386, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: libssh2 security update Advisory ID: RHSA-2019:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679 Issue date: 2019-03-28 CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 ==================================================================== 1. Summary:
An update for libssh2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x
- Description:
The libssh2 packages provide a library that implements the SSH2 protocol.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-3855 https://access.redhat.com/security/cve/CVE-2019-3856 https://access.redhat.com/security/cve/CVE-2019-3857 https://access.redhat.com/security/cve/CVE-2019-3863 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd LDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE wE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC nFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev FCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA O5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno 7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7 z4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu cdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND XkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4 D/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH tLzz6XhldNU=R5e5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
-
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
-
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
-
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
-
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libssh2",
"scope": "lt",
"trust": 1.8,
"vendor": "libssh2",
"version": "1.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "28"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "29"
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "none"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "aus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "eus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "tus"
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.8"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.7"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.6"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.5"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.2"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.1"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.2.8"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.1"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.15"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.11"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.1"
},
{
"model": "libssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:libssh2:libssh2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:ontap_select_administration_utility",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Coulson of Canonical Ltd.,Slackware Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3855",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-155290",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2019-3855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3855",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155290",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. libssh2 is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the \u0027_libssh2_transport_read()\u0027 function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-7 Xcode 11.0\n\nXcode 11.0 addresses the following:\n\nIDE SCM\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Multiple issues in libssh2\nDescription: Multiple issues were addressed by updating to version\n2.16. \nCVE-2019-3855: Chris Coulson\n\nld64\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Compiling code without proper input validation could lead to\narbitrary code execution with user privilege\nDescription: Multiple issues in ld64 in the Xcode toolchains were\naddressed by updating to version ld64-507.4. \nCVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team\n\notool\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\nCVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\n\nInstallation note:\n\nXcode 11.0 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"11.0\". 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: libssh2 security update\nAdvisory ID: RHSA-2019:0679-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0679\nIssue date: 2019-03-28\nCVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857\n CVE-2019-3863\n====================================================================\n1. Summary:\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x\n\n3. Description:\n\nThe libssh2 packages provide a library that implements the SSH2 protocol. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing these updated packages, all running applications using\nlibssh2 must be restarted for this update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nppc64:\nlibssh2-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\naarch64:\nlibssh2-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-3855\nhttps://access.redhat.com/security/cve/CVE-2019-3856\nhttps://access.redhat.com/security/cve/CVE-2019-3857\nhttps://access.redhat.com/security/cve/CVE-2019-3863\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd\nLDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE\nwE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC\nnFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev\nFCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA\nO5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno\n7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7\nz4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu\ncdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND\nXkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4\nD/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH\ntLzz6XhldNU=R5e5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nKernel-based Virtual Machine (KVM) offers a full virtualization solution\nfor Linux on numerous hardware platforms. The virt:rhel module contains\npackages which provide user-space components used to run virtual machines\nusing KVM. The packages also provide APIs for managing and interacting with\nthe virtualized systems. \n\nSecurity Fix(es):\n\n* A flaw was found in the implementation of the \"fill buffer\", a mechanism\nused by modern CPUs when a cache-miss is made on L1 CPU cache. If an\nattacker can generate a load operation that would create a page fault, the\nexecution will continue speculatively with incorrect data from the fill\nbuffer while the data is fetched from higher level caches. This response\ntime can be measured to infer data in the fill buffer. (CVE-2018-12130)\n\n* Modern Intel microprocessors implement hardware-level micro-optimizations\nto improve the performance of writing data back to CPU caches. The write\noperation is split into STA (STore Address) and STD (STore Data)\nsub-operations. These sub-operations allow the processor to hand-off\naddress generation logic into these sub-operations for optimized writes. \nBoth of these sub-operations write to a shared distributed processor\nstructure called the \u0027processor store buffer\u0027. As a result, an\nunprivileged attacker could use this flaw to read private data resident\nwithin the CPU\u0027s processor store buffer. (CVE-2018-12126)\n\n* Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations\nfrom memory or IO. During a load operation, the load port receives data\nfrom the memory or IO subsystem and then provides the data to the CPU\nregisters and operations in the CPU\u2019s pipelines. Stale load operations\nresults are stored in the \u0027load port\u0027 table until overwritten by newer\noperations. Certain load-port operations triggered by an attacker can be\nused to reveal data about previous stale requests leaking data back to the\nattacker via a timing side-channel. (CVE-2018-12127)\n\n* Uncacheable memory on some microprocessors utilizing speculative\nexecution may allow an authenticated user to potentially enable information\ndisclosure via a side channel with local access",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3855",
"trust": 3.4
},
{
"db": "BID",
"id": "107485",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152136",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/03/18/3",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2340",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0911",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0996",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0894",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "153654",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154655",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153510",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152282",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153811",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153969",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-155290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152874",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"id": "VAR-201903-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:31:57.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1730-1] libssh2 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"title": "DSA-4431",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"title": "FEDORA-2019-f31c14682f",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"title": "Possible integer overflow in transport read allows out-of-bounds write",
"trust": 0.8,
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"title": "NTAP-20190327-0005",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"title": "Bug 1687303",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"title": "RHSA-2019:0679",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"title": "libssh2 Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152136/slackware-security-advisory-libssh2-updates.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107485"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"trust": 2.0,
"url": "https://www.libssh2.org/cve-2019-3855.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3855"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0679"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1175"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1652"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1791"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1943"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/mar/25"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/apr/25"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/49"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht210609"
},
{
"trust": 1.7,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/sep/42"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2399"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-3855"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-3856"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-3857"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-3863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3855\\"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-099"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115655"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115643"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115649"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libssh2-multiple-vulnerabilities-28768"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77838"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1120209"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210609"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1116357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4226/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170634"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79010"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4341/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77478"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3856"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3857"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3863"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "http://www.libssh2.org/"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/changes.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3858"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3859"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3860"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3861"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3862"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3856.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3857.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3858.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3859.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3860.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3861.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3862.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3863.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8738"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12130"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "153510"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "152874"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2019-03-18T00:00:00",
"db": "BID",
"id": "107485"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2019-09-29T10:11:11",
"db": "PACKETSTORM",
"id": "154655"
},
{
"date": "2019-07-02T14:08:10",
"db": "PACKETSTORM",
"id": "153510"
},
{
"date": "2019-03-28T16:23:48",
"db": "PACKETSTORM",
"id": "152282"
},
{
"date": "2019-05-15T14:55:50",
"db": "PACKETSTORM",
"id": "152874"
},
{
"date": "2019-07-16T20:10:44",
"db": "PACKETSTORM",
"id": "153654"
},
{
"date": "2019-07-30T18:13:57",
"db": "PACKETSTORM",
"id": "153811"
},
{
"date": "2019-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2019-03-21T21:29:00.433000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2019-03-18T00:00:00",
"db": "BID",
"id": "107485"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2021-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2023-11-07T03:10:14.793000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libssh2 Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.