CVE-2019-3859

CVE Database · CVE-2019-3859

CVE-2019-3859

· CRITICALModified

CVSS v3.1

9.1

EPSS

6.28%

Published

Mar 21, 2019

Modified

Dec 18, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weaknesses (CWE)

CWE-125CWE-125CWE-125

Affected Products (8)

libssh2 · libssh2 (up to 1.8.1)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

netapp · ontap_select_deploy_administration_utilityvulnerable

opensuse · leapvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html