cvelist/2019/3xxx/CVE-2019-3863.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-3863",
        "ASSIGNER": "secalert@redhat.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "The libssh2 Project",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "libssh2",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "1.8.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-190"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-787"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
                "refsource": "CONFIRM"
            },
            {
                "url": "https://www.libssh2.org/CVE-2019-3863.html",
                "refsource": "MISC",
                "name": "https://www.libssh2.org/CVE-2019-3863.html"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20190327-0005/",
                "url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:0679",
                "url": "https://access.redhat.com/errata/RHSA-2019:0679"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2019:1075",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2019:1109",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2019-3348cb4934",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4431",
                "url": "https://www.debian.org/security/2019/dsa-4431"
            },
            {
                "refsource": "BUGTRAQ",
                "name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",
                "url": "https://seclists.org/bugtraq/2019/Apr/25"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:1175",
                "url": "https://access.redhat.com/errata/RHSA-2019:1175"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:1652",
                "url": "https://access.redhat.com/errata/RHSA-2019:1652"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:1791",
                "url": "https://access.redhat.com/errata/RHSA-2019:1791"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:1943",
                "url": "https://access.redhat.com/errata/RHSA-2019:1943"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:2399",
                "url": "https://access.redhat.com/errata/RHSA-2019:2399"
            },
            {
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error."
            }
        ]
    },
    "impact": {
        "cvss": [
            [
                {
                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                }
            ]
        ]
    }
}
- Synchronized data. 2019-01-03 14:05:09 -05:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2019-3863",`
			`"ASSIGNER": "secalert@redhat.com",`
			`"STATE": "PUBLIC"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`},`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"vendor_name": "The libssh2 Project",`
			`"product": {`
			`"product_data": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"product_name": "libssh2",`
			`"version": {`
			`"version_data": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"version_value": "1.8.1"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"problemtype": {`
			`"problemtype_data": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"description": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"lang": "eng",`
			`"value": "CWE-190"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`}`
			`]`
			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"description": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"lang": "eng",`
			`"value": "CWE-787"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`}`
			`]`
			`}`
			`]`
			`},`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"references": {`
			`"reference_data": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",`
			`"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",`
			`"refsource": "CONFIRM"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"url": "https://www.libssh2.org/CVE-2019-3863.html",`
			`"refsource": "MISC",`
			`"name": "https://www.libssh2.org/CVE-2019-3863.html"`
"-Synchronized-Data." 2019-03-26 16:00:46 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"`
"-Synchronized-Data." 2019-03-27 19:00:45 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20190327-0005/",`
			`"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"`
"-Synchronized-Data." 2019-03-28 19:00:49 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:0679",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:0679"`
"-Synchronized-Data." 2019-03-28 22:00:45 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2019:1075",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"`
"-Synchronized-Data." 2019-04-02 18:00:52 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2019:1109",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"`
"-Synchronized-Data." 2019-04-05 05:00:46 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "FEDORA",`
			`"name": "FEDORA-2019-3348cb4934",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/"`
"-Synchronized-Data." 2019-04-13 19:00:41 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "DEBIAN",`
			`"name": "DSA-4431",`
			`"url": "https://www.debian.org/security/2019/dsa-4431"`
"-Synchronized-Data." 2019-04-15 09:00:43 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "BUGTRAQ",`
			`"name": "20190415 [SECURITY] [DSA 4431-1] libssh2 security update",`
			`"url": "https://seclists.org/bugtraq/2019/Apr/25"`
"-Synchronized-Data." 2019-05-14 21:00:47 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:1175",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:1175"`
"-Synchronized-Data." 2019-07-02 15:00:54 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:1652",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:1652"`
"-Synchronized-Data." 2019-07-16 17:00:47 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:1791",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:1791"`
"-Synchronized-Data." 2019-07-30 13:01:00 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:1943",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:1943"`
"-Synchronized-Data." 2019-08-07 14:00:49 +00:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"refsource": "REDHAT",`
			`"name": "RHSA-2019:2399",`
			`"url": "https://access.redhat.com/errata/RHSA-2019:2399"`
Bill Situ <Bill.Situ@Oracle.com> Update 3rd party CVEs for 2019 Oracl CPU October On branch cna/Oracle/CPU2019Oct Changes to be committed: modified: 2015/5xxx/CVE-2015-5180.json modified: 2015/9xxx/CVE-2015-9251.json modified: 2016/0xxx/CVE-2016-0729.json modified: 2016/1000xxx/CVE-2016-1000031.json modified: 2016/4xxx/CVE-2016-4000.json modified: 2016/5xxx/CVE-2016-5425.json modified: 2016/6xxx/CVE-2016-6814.json modified: 2016/7xxx/CVE-2016-7103.json modified: 2016/8xxx/CVE-2016-8610.json modified: 2017/12xxx/CVE-2017-12626.json modified: 2017/16xxx/CVE-2017-16531.json modified: 2017/17xxx/CVE-2017-17558.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2017/6xxx/CVE-2017-6056.json modified: 2017/7xxx/CVE-2017-7656.json modified: 2017/7xxx/CVE-2017-7657.json modified: 2017/7xxx/CVE-2017-7658.json modified: 2017/9xxx/CVE-2017-9735.json modified: 2018/0xxx/CVE-2018-0732.json modified: 2018/1000xxx/CVE-2018-1000007.json modified: 2018/1000xxx/CVE-2018-1000120.json modified: 2018/1000xxx/CVE-2018-1000873.json modified: 2018/11xxx/CVE-2018-11784.json modified: 2018/11xxx/CVE-2018-11798.json modified: 2018/12xxx/CVE-2018-12384.json modified: 2018/12xxx/CVE-2018-12404.json modified: 2018/12xxx/CVE-2018-12536.json modified: 2018/12xxx/CVE-2018-12538.json modified: 2018/12xxx/CVE-2018-12545.json modified: 2018/14xxx/CVE-2018-14718.json modified: 2018/14xxx/CVE-2018-14719.json modified: 2018/14xxx/CVE-2018-14720.json modified: 2018/14xxx/CVE-2018-14721.json modified: 2018/15xxx/CVE-2018-15756.json modified: 2018/16xxx/CVE-2018-16842.json modified: 2018/18xxx/CVE-2018-18065.json modified: 2018/18xxx/CVE-2018-18066.json modified: 2018/19xxx/CVE-2018-19360.json modified: 2018/19xxx/CVE-2018-19361.json modified: 2018/19xxx/CVE-2018-19362.json modified: 2018/1xxx/CVE-2018-1320.json modified: 2018/20xxx/CVE-2018-20685.json modified: 2018/7xxx/CVE-2018-7185.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2018/8xxx/CVE-2018-8034.json modified: 2018/8xxx/CVE-2018-8037.json modified: 2019/0xxx/CVE-2019-0188.json modified: 2019/0xxx/CVE-2019-0196.json modified: 2019/0xxx/CVE-2019-0197.json modified: 2019/0xxx/CVE-2019-0211.json modified: 2019/0xxx/CVE-2019-0215.json modified: 2019/0xxx/CVE-2019-0217.json modified: 2019/0xxx/CVE-2019-0220.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/0xxx/CVE-2019-0232.json modified: 2019/10xxx/CVE-2019-10072.json modified: 2019/10xxx/CVE-2019-10081.json modified: 2019/10xxx/CVE-2019-10082.json modified: 2019/10xxx/CVE-2019-10092.json modified: 2019/10xxx/CVE-2019-10097.json modified: 2019/10xxx/CVE-2019-10098.json modified: 2019/10xxx/CVE-2019-10241.json modified: 2019/10xxx/CVE-2019-10246.json modified: 2019/10xxx/CVE-2019-10247.json modified: 2019/11xxx/CVE-2019-11068.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/12xxx/CVE-2019-12086.json modified: 2019/12xxx/CVE-2019-12384.json modified: 2019/12xxx/CVE-2019-12814.json modified: 2019/14xxx/CVE-2019-14379.json modified: 2019/14xxx/CVE-2019-14439.json modified: 2019/14xxx/CVE-2019-14540.json modified: 2019/16xxx/CVE-2019-16335.json modified: 2019/17xxx/CVE-2019-17091.json modified: 2019/1xxx/CVE-2019-1543.json modified: 2019/1xxx/CVE-2019-1547.json modified: 2019/1xxx/CVE-2019-1549.json modified: 2019/1xxx/CVE-2019-1552.json modified: 2019/1xxx/CVE-2019-1559.json modified: 2019/1xxx/CVE-2019-1563.json modified: 2019/3xxx/CVE-2019-3855.json modified: 2019/3xxx/CVE-2019-3856.json modified: 2019/3xxx/CVE-2019-3857.json modified: 2019/3xxx/CVE-2019-3858.json modified: 2019/3xxx/CVE-2019-3859.json modified: 2019/3xxx/CVE-2019-3860.json modified: 2019/3xxx/CVE-2019-3861.json modified: 2019/3xxx/CVE-2019-3862.json modified: 2019/3xxx/CVE-2019-3863.json modified: 2019/5xxx/CVE-2019-5435.json modified: 2019/5xxx/CVE-2019-5436.json modified: 2019/5xxx/CVE-2019-5443.json modified: 2019/6xxx/CVE-2019-6109.json modified: 2019/6xxx/CVE-2019-6111.json modified: 2019/8xxx/CVE-2019-8457.json modified: 2019/9xxx/CVE-2019-9511.json modified: 2019/9xxx/CVE-2019-9517.json modified: 2019/9xxx/CVE-2019-9936.json modified: 2019/9xxx/CVE-2019-9937.json 2019-10-15 13:33:48 -07:00			`},`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`}`
			`]`
"-Synchronized-Data." 2019-03-18 07:06:31 +00:00			`},`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"description": {`
			`"description_data": [`
"-Synchronized-Data." 2019-03-18 07:06:31 +00:00			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"lang": "eng",`
			`"value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error."`
"-Synchronized-Data." 2019-03-18 07:06:31 +00:00			`}`
			`]`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`},`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"impact": {`
			`"cvss": [`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`[`
			`{`
"-Synchronized-Data." 2019-10-16 18:01:15 +00:00			`"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"version": "3.0"`
CVE-2019-3863 2019-03-19 12:57:26 -03:00			`}`
			`]`
			`]`
"-Synchronized-Data." 2019-03-18 07:06:31 +00:00			`}`
"-Synchronized-Data." 2019-03-25 18:00:53 +00:00			`}`