mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 17:50:34 +00:00
25 lines
1.1 KiB
Markdown
25 lines
1.1 KiB
Markdown
|
### [CVE-2019-3862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
|
||
|
|
- https://www.oracle.com/security-alerts/cpujan2020.html
|
||
|
|
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/KorayAgaya/TrivyWeb
|
||
|
|
- https://github.com/Mohzeela/external-secret
|
||
|
|
- https://github.com/siddharthraopotukuchi/trivy
|
||
|
|
- https://github.com/simiyo/trivy
|
||
|
|
- https://github.com/t31m0/Vulnerability-Scanner-for-Containers
|
||
|
|
- https://github.com/umahari/security
|
||
|
|
|