VuXML: libssh2 -- multiple issues

Affected packages

libssh2

1.8.1,3

linux-c6-libssh2

1.4.2_7

linux-c7-libssh2

1.4.3_3

Details

VuXML ID	6e58e1e9-2636-413e-9f84-4c0e21143628
Discovery	2019-03-14
Entry	2019-04-18
Modified	2019-07-07

VuXML ID

6e58e1e9-2636-413e-9f84-4c0e21143628

Discovery

2019-03-14

Entry

2019-04-18

Modified

2019-07-07

libssh2 developers report:

Defend against possible integer overflows in comp_method_zlib_decomp.

Defend against writing beyond the end of the payload in _libssh2_transport_read().

Sanitize padding_length - _libssh2_transport_read().

This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short.

Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().

[source]

CVE Name	CVE-2019-3855
CVE Name	CVE-2019-3856
CVE Name	CVE-2019-3857
CVE Name	CVE-2019-3858
CVE Name	CVE-2019-3859
CVE Name	CVE-2019-3860
CVE Name	CVE-2019-3861
CVE Name	CVE-2019-3862
CVE Name	CVE-2019-3863
URL	https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1
URL	https://libssh2.org/CVE-2019-3855.html
URL	https://libssh2.org/CVE-2019-3856.html
URL	https://libssh2.org/CVE-2019-3857.html
URL	https://libssh2.org/CVE-2019-3858.html
URL	https://libssh2.org/CVE-2019-3859.html
URL	https://libssh2.org/CVE-2019-3860.html
URL	https://libssh2.org/CVE-2019-3861.html
URL	https://libssh2.org/CVE-2019-3862.html
URL	https://libssh2.org/CVE-2019-3863.html

libssh2 -- multiple issues

Details

References