Merge pull request #1722 from RedHatProductSecurity/CVE-2019-3863

CVE-2019-3863
2025-08-04 08:44:25 +00:00 · 2019-03-25 13:52:16 -04:00 · 2019-03-25 13:52:16 -04:00 · 85ed950477
commit 85ed950477
parent 30fa289d25 a521aaf1e8
1 changed files with 72 additions and 8 deletions
--- a/2019/3xxx/CVE-2019-3863.json
+++ b/2019/3xxx/CVE-2019-3863.json
@ -1,18 +1,82 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3863",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3863",
+        "ASSIGNER": "psampaio@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "The libssh2 Project",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "libssh2",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.8.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-190"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-787"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://www.libssh2.org/CVE-2019-3863.html"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}