ASA-2019-00151 – libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes


Allele Security Alert

ASA-2019-00151

Identifier(s)

ASA-2019-00151, CVE-2019-3863

Title

Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

Vendor(s)

The libssh2 project

Product(s)

libssh2

Affected version(s)

libssh2 versions 0.1 up to and including 1.8.0

Fixed version(s)

libssh2 1.8.1

Proof of concept

Unknown

Description

A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. (CWE-130).

Technical details

Unknown

Credits

Chris Coulson (Canonical Ltd)

Reference(s)

libssh2 Security Advisory: CVE-2019-3863
https://www.libssh2.org/CVE-2019-3863.html

[SECURITY ADVISORIES] libssh2
https://seclists.org/oss-sec/2019/q1/184

Security fixes (#315) · libssh2/libssh2@dc109a7
https://github.com/libssh2/libssh2/commit/dc109a7f518757741590bb993c0c8412928ccec2

Security fixes by willco007 · Pull Request #315 · libssh2/libssh2
https://github.com/libssh2/libssh2/pull/315

CVE-2019-3863 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-3863

CVE-2019-3863
https://security-tracker.debian.org/tracker/CVE-2019-3863

CVE-2019-3863 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3863.html

CVE-2019-3863 | SUSE
https://www.suse.com/security/cve/CVE-2019-3863

CVE-2019-3863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863

CVE-2019-3863
https://nvd.nist.gov/vuln/detail/CVE-2019-3863

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 19, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.