ASA-2019-00144 – libssh2: Possible integer overflow in keyboard interactive handling allows out-of-bounds write


Allele Security Alert

ASA-2019-00144

Identifier(s)

ASA-2019-00144, CVE-2019-3856

Title

Possible integer overflow in keyboard interactive handling allows out-of-bounds write

Vendor(s)

The libssh2 project

Product(s)

libssh2

Affected version(s)

libssh2 all versions to and including 1.8.0

Fixed version(s)

libssh2 1.8.1

Proof of concept

Unknown

Description

A server could send a value approaching unsigned int max number of keyboard prompt requests which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error (CWE-130).

Technical details

Unknown

Credits

Chris Coulson (Canonical Ltd)

Reference(s)

libssh2 Security Advisory: CVE-2019-3856
https://www.libssh2.org/CVE-2019-3856.html

[SECURITY ADVISORIES] libssh2
https://seclists.org/oss-sec/2019/q1/184

Security fixes (#315) · libssh2/libssh2@dc109a7
https://github.com/libssh2/libssh2/commit/dc109a7f518757741590bb993c0c8412928ccec2

Security fixes by willco007 · Pull Request #315 · libssh2/libssh2
https://github.com/libssh2/libssh2/pull/315

CVE-2019-3856 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-3856

CVE-2019-3856
https://security-tracker.debian.org/tracker/CVE-2019-3856

CVE-2019-3856 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3856.html

CVE-2019-3856 | SUSE
https://www.suse.com/security/cve/CVE-2019-3856

CVE-2019-3856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856

CVE-2019-3856
https://nvd.nist.gov/vuln/detail/CVE-2019-3856

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 19, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.